Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56959d72 by Moritz Mühlenhoff at 2021-08-27T23:46:40+02:00
NFUs
new gitlab issues
crossbeam-deque no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1174,7 +1174,7 @@ CVE-2021-39604
 CVE-2021-39603
        RESERVED
 CVE-2021-39602 (A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the 
do_mkd fu ...)
-       TODO: check
+       NOT-FOR-US: Miniftpd
 CVE-2021-39601
        RESERVED
 CVE-2021-39600
@@ -1669,7 +1669,7 @@ CVE-2020-36476 (An issue was discovered in Mbed TLS 
before 2.24.0 (and before 2.
 CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 
2.16.9 L ...)
        - mbedtls 2.16.9-0.1
 CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A 
response from A ...)
-       TODO: check
+       NOT-FOR-US: ReCaptcha Solver
 CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not 
enable  ...)
        - evolution-rss <unfixed>
        [stretch] - evolution-rss <postponed> (Minor issue, revisit when/if 
fixed upstream)
@@ -2151,15 +2151,15 @@ CVE-2021-39171
 CVE-2021-39170
        RESERVED
 CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions 
of Miss ...)
-       TODO: check
+       NOT-FOR-US: Misskey
 CVE-2021-39168 (OpenZepplin is a library for smart contract development. In 
affected v ...)
-       TODO: check
+       NOT-FOR-US: OpenZeppelin
 CVE-2021-39167 (OpenZepplin is a library for smart contract development. In 
affected v ...)
-       TODO: check
+       NOT-FOR-US: OpenZeppelin
 CVE-2021-39166
        RESERVED
 CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and 
includi ...)
-       TODO: check
+       NOT-FOR-US: Cachet
 CVE-2021-39164
        RESERVED
 CVE-2021-39163
@@ -2169,11 +2169,11 @@ CVE-2021-39162
 CVE-2021-39161 (Discourse is an open source platform for community discussion. 
In affe ...)
        NOT-FOR-US: Discourse
 CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git 
repository one ...)
-       TODO: check
+       NOT-FOR-US: nbgitpuller
 CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows 
users to sha ...)
-       TODO: check
+       NOT-FOR-US: BinderHub
 CVE-2021-39158 (NVCaffe's python required dependencies list used to contain 
`gfortran` ...)
-       TODO: check
+       NOT-FOR-US: NVCaffe
 CVE-2021-39157 (detect-character-encoding is an open source character encoding 
inspect ...)
        NOT-FOR-US: detect-character-encoding
 CVE-2021-39156 (Istio is an open source platform for providing a uniform way 
to integr ...)
@@ -2243,7 +2243,7 @@ CVE-2021-39139 (XStream is a simple library to serialize 
objects to XML and back
 CVE-2021-39138 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum 
protocol ...)
-       TODO: check
+       NOT-FOR-US: go-ethereum
 CVE-2021-39136 (baserCMS is an open source content management system with a 
focus on J ...)
        NOT-FOR-US: baserCMS
 CVE-2021-39135
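Review bot: "NOT-FOR-US: go-ethereum" for CVE-2021-39137 asserts that nothing in the archive ships this code, but Go libraries are often packaged under golang-github-* source names or vendored into other packages, so a quick archive search for an Ethereum Go package or an embedded copy before settling on NOT-FOR-US would make the triage more defensible; if nothing turns up, the annotation is fine as written.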
@@ -10610,7 +10610,7 @@ CVE-2021-35467
 CVE-2021-35466
        RESERVED
 CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly 
consider the ef ...)
-       TODO: check
+       NOT-FOR-US: ARM
 CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization 
vulnerabilit ...)
        NOT-FOR-US: ForgeRock
 CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend 
Taglib module ...)
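Review bot: "NOT-FOR-US: ARM" for CVE-2021-35465 names a vendor rather than a product, and the truncated description ("Certain Arm products before 2021-08-23 do not properly consider the ef ...") gives a later reader nothing to re-check the decision against. Architecture-level issues are sometimes worked around in software Debian does ship (toolchains, firmware), so a NOTE: line with the advisory URL and the reason no packaged component is considered affected would make this entry verifiable instead of a bare vendor name.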
@@ -14821,7 +14821,7 @@ CVE-2021-33607
 CVE-2021-33606
        RESERVED
 CVE-2021-33605 (Improper check in CheckboxGroup in 
com.vaadin:vaadin-checkbox-flow ver ...)
-       TODO: check
+       NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
 CVE-2021-33604 (URL encoding error in development mode handler in 
com.vaadin:flow-serv ...)
        NOT-FOR-US: com.vaadin:flow-server
 CVE-2021-33603
@@ -16701,6 +16701,8 @@ CVE-2021-32811 (Zope is an open-source web application 
server. Zope versions pri
        NOTE: only affects specific versions using Python3 with options 
enabled..
 CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for 
building task ...)
        - rust-crossbeam-deque <unfixed> (bug #993146)
+       [bullseye] - rust-crossbeam-deque <no-dsa> (Minor issue)
+       [buster] - rust-crossbeam-deque <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
 CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich 
content suppo ...)
        - ckeditor 4.16.2+dfsg-1 (bug #992291)
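Review bot: the new [bullseye] and [buster] "<no-dsa> (Minor issue)" lines are consistent with each other, but the sid entry remains "<unfixed> (bug #993146)" with only the RUSTSEC advisory as a reference. Since no-dsa still expects the fix to land through a point release, recording the fixed upstream version or commit in a NOTE: next to https://rustsec.org/advisories/RUSTSEC-2021-0093.html would tell the maintainer what to backport.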
@@ -16857,7 +16859,7 @@ CVE-2021-32760 (containerd is a container runtime. A 
bug was found in containerd
 CVE-2021-32759
        RESERVED
 CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE 
official rele ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2021-32757
        RESERVED
 CVE-2021-32756 (ManageIQ is an open-source management platform. In versions 
prior to j ...)
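Review bot: the description for CVE-2021-32758 is about OpenMage Magento LTS, a fork, while the annotation reads "NOT-FOR-US: Magento". Naming the fork ("NOT-FOR-US: OpenMage Magento LTS") avoids conflating it with Adobe's Magento when data/CVE/list is searched later.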
@@ -42550,7 +42552,7 @@ CVE-2021-22255 (SSRF in URL file upload in Baserow 
&lt;1.1.0 allows remote authe
 CVE-2021-22254 (Under very specific conditions a user could be impersonated 
using Gitl ...)
        - gitlab <unfixed>
 CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions 
since 13.4  ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE 
affecting all ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2021-22251 (Improper validation of invited users' email address in GitLab 
EE affec ...)
@@ -42558,7 +42560,7 @@ CVE-2021-22251 (Improper validation of invited users' 
email address in GitLab EE
 CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions 
since 13 ...)
        - gitlab <unfixed>
 CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions 
since 12.2 ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE 
affecting ...)
        - gitlab <not-affected> (Vulnerable code intrododuced later)
 CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions 
since 13 ...)
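Review bot: the unchanged context line for CVE-2021-22248 reads "Vulnerable code intrododuced later"; since this hunk already touches the neighbouring entry, fixing the typo to "introduced" here or in a follow-up would keep the not-affected reasons greppable and match the spelling used for CVE-2021-22252 in the previous hunk.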
@@ -42568,11 +42570,11 @@ CVE-2021-22246 (A vulnerability was discovered in 
GitLab versions before 14.0.2,
 CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting 
all ver ...)
        - gitlab <unfixed>
 CVE-2021-22244 (Improper authorization in the vulnerability report feature in 
GitLab E ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 
7.10 may  ...)
        - gitlab <unfixed>
 CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab 
CE/EE ve ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 
13.12.6, and 14 ...)
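Review bot: CVE-2021-22242 moves from "TODO: check" to "- gitlab <unfixed>" with no bug reference, unlike the crossbeam-deque entry earlier in this commit which cites bug #993146. The commit message says "new gitlab issues"; if a Debian bug was filed for the CE issues in this hunk, appending "(bug #...)" to the <unfixed> lines lets the tracker link to it. The "<not-affected> (Specific to EE)" entry for CVE-2021-22244 matches the reason used for the other EE-only CVEs in this commit.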



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56959d72bc85c7ea9cd4b1bddaf643b039c3c3bd



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
