[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Sat, 03 Jul 2021 14:54:41 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
be7dd357 by Moritz Muehlenhoff at 2021-07-03T23:52:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4979,7 +4979,7 @@ CVE-2021-33891
 CVE-2021-33890
        RESERVED
 CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based 
Buffer Overfl ...)
-       TODO: check
+       NOT-FOR-US: OpenThread wpantund
 CVE-2021-33888
        RESERVED
 CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that 
exceed four d ...)
@@ -5159,10 +5159,9 @@ CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM 
through 2.0.6 allows attacker
        {DLA-2696-1}
        - libjdom2-intellij-java <unfixed>
        - libjdom2-java <unfixed>
-       - libjdom1-java <undetermined>
+       - libjdom1-java <unfixed>
        NOTE: https://github.com/hunterhacker/jdom/pull/188
        NOTE: https://alephsecurity.com/vulns/aleph-2021003
-       TODO: check libjdom1-java
 CVE-2021-33812
        RESERVED
 CVE-2021-33811
@@ -7649,7 +7648,7 @@ CVE-2021-32740
 CVE-2021-32739
        RESERVED
 CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with 
a Stella ...)
-       TODO: check
+       NOT-FOR-US: js-stellar-sdk
 CVE-2021-32737 (Sulu is an open-source PHP content management system based on 
the Symf ...)
        NOT-FOR-US: Sulu
 CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In 
version ...)
@@ -15598,9 +15597,8 @@ CVE-2021-29501 (Ticketer is a command based ticket 
system cog (plugin) for the r
 CVE-2021-29500 (bubble fireworks is an open source java package relating to 
Spring Fra ...)
        NOT-FOR-US: bubble fireworks
 CVE-2021-29499 (SIF is an open source implementation of the Singularity 
Container Imag ...)
-       - golang-github-sylabs-sif <undetermined>
+       - golang-github-sylabs-sif <unfixed>
        NOTE: 
https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
-       TODO: check
 CVE-2021-29498
        RESERVED
 CVE-2021-29497
@@ -24259,7 +24257,7 @@ CVE-2021-25953
 CVE-2021-25952
        RESERVED
 CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an 
attacker to ca ...)
-       TODO: check
+       NOT-FOR-US: XML2Dict
 CVE-2021-25950
        REJECTED
 CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 
0.1.0 allows ...)
@@ -30195,9 +30193,9 @@ CVE-2021-23405
 CVE-2021-23404
        RESERVED
 CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node ts-nodash
 CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable 
to Prot ...)
-       TODO: check
+       NOT-FOR-US: Node record-like-deep-assign
 CVE-2021-23401
        RESERVED
 CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP 
Header Inje ...)
@@ -61145,15 +61143,15 @@ CVE-2020-23196
 CVE-2020-23195
        RESERVED
 CVE-2020-23194 (A stored cross site scripting (XSS) vulnerability in the 
"Import Subsc ...)
-       TODO: check
+       - phplist <itp> (bug #612288)
 CVE-2020-23193
        RESERVED
 CVE-2020-23192 (A stored cross site scripting (XSS) vulnerability in phplist 
3.5.4 and ...)
-       TODO: check
+       - phplist <itp> (bug #612288)
 CVE-2020-23191
        RESERVED
 CVE-2020-23190 (A stored cross site scripting (XSS) vulnerability in the 
"Import email ...)
-       TODO: check
+       - phplist <itp> (bug #612288)
 CVE-2020-23189
        RESERVED
 CVE-2020-23188
@@ -61163,21 +61161,21 @@ CVE-2020-23187
 CVE-2020-23186
        RESERVED
 CVE-2020-23185 (A stored cross site scripting (XSS) vulnerability in 
/administration/s ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23184 (A stored cross site scripting (XSS) vulnerability in 
/administration/s ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23183
        RESERVED
 CVE-2020-23182 (The component 
/php-fusion/infusions/shoutbox_panel/shoutbox_archive.ph ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23181 (A reflected cross site scripting (XSS) vulnerability in 
/administratio ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23180
        RESERVED
 CVE-2020-23179 (A stored cross site scripting (XSS) vulnerability in 
administration/se ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23178 (An issue exists in PHP-Fusion 9.03.50 where session cookies 
are not de ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-23177
        RESERVED
 CVE-2020-23176



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be7dd357c518b01f2dbafd97784715faba783f5d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be7dd357c518b01f2dbafd97784715faba783f5d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to