Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb3def19 by Moritz Muehlenhoff at 2021-09-01T10:55:26+02:00
NFUs
puppet n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2774,7 +2774,7 @@ CVE-2021-39111 (The Editor plugin in Atlassian Jira 
Server and Data Center befor
 CVE-2021-39110
        RESERVED
 CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2021-39108
        RESERVED
 CVE-2021-39107
@@ -6574,7 +6574,7 @@ CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus 
version 6103 and prior allo
 CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is 
vulnera ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable 
to authe ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37414
        RESERVED
 CVE-2021-37413
@@ -9219,7 +9219,7 @@ CVE-2021-3638 [ati-vga: inconsistent check in 
ati_2d_blt() may lead to out-of-bo
        [stretch] - qemu <not-affected> (Vulnerable code introduced in ATI VGA 
device emulation added later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858
 CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 
10.6.30.0.  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 
7.9.5.24363 all ...)
        NOT-FOR-US: MIK.starlight
 CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in 
MIK.starlight 7.9.5 ...)
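Review bot: The new tag "NOT-FOR-US: Ivanti" on CVE-2021-36235 names only the vendor, while the description identifies the product as Ivanti Workspace Control and the neighbouring CVE-2021-36234 entry is tagged by product ("NOT-FOR-US: MIK.starlight"). Suggest "NOT-FOR-US: Ivanti Workspace Control" so that a later search of the list for the product name finds this entry.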
@@ -14209,7 +14209,7 @@ CVE-2021-34068 (Heap based buffer overflow in tsMuxer 
2.6.16 allows attackers to
 CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers 
to cause ...)
        NOT-FOR-US: tsMuxer
 CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. 
There is ...)
-       TODO: check
+       NOT-FOR-US: EdgeGallery/developer
 CVE-2021-34065
        RESERVED
 CVE-2021-34064
@@ -17155,7 +17155,7 @@ CVE-2021-32833
 CVE-2021-32832 (Rocket.Chat is an open-source fully customizable 
communications platfo ...)
        NOT-FOR-US: Rocket.Chat
 CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for 
Node.js p ...)
-       TODO: check
+       NOT-FOR-US: Total.js
 CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The 
locateFont  ...)
        NOT-FOR-US: Node @diez/generation
 CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) 
software aimin ...)
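Review bot: On CVE-2021-32831 the tag "NOT-FOR-US: Total.js" drops the ecosystem prefix that the next entry uses for an npm package ("NOT-FOR-US: Node @diez/generation"), although the description calls total.js an npm package as well. Suggest "NOT-FOR-US: Node total.js" so the two npm entries are tagged the same way.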
@@ -25528,9 +25528,9 @@ CVE-2021-29633
 CVE-2021-29632
        RESERVED
 CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 
12.2-STABLE before ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 
12.2-STABLE before ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 
12.2-STABLE before ...)
        - dacs <unfixed> (bug #989288; unimportant)
        [stretch] - dacs <not-affected> (Vulnerable module first bundled in 
1.4.40)
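Review bot: Marking CVE-2021-29631 and CVE-2021-29630 as "NOT-FOR-US: FreeBSD" needs a check for bundled copies, because the very next entry, CVE-2021-29629, is also described as a FreeBSD issue and is nevertheless tracked against dacs with the remark "Vulnerable module first bundled in 1.4.40". If the affected FreeBSD code for these two is not shipped in any Debian source package, saying so in the commit message would record that the check was done.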
@@ -31806,7 +31806,7 @@ CVE-2021-27021 (A flaw was discovered in Puppet DB, 
this flaw results in an esca
        NOTE: 
https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb
        NOTE: 
https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170
 CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing 
user inp ...)
-       TODO: check
+       - puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2021-27019 (PuppetDB logging included potentially sensitive system 
information. ...)
        TODO: check
 CVE-2021-27018 (The mechanism which performs certificate validation was 
discovered to  ...)
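Review bot: The "- puppet <not-affected> (Only affects Puppet Enterprise)" line for CVE-2021-27020 carries no reference, whereas the CVE-2021-27021 entry just above backs its status with NOTE links to the upstream commit and release notes. Suggest adding a NOTE with the upstream advisory that scopes the issue to Puppet Enterprise, so the not-affected claim can be rechecked later.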
@@ -79651,6 +79651,7 @@ CVE-2020-19482
        RESERVED
 CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated 
by MP4Bo ...)
        - gpac 1.0.1+dfsg1-2
+       [buster] - gpac <ignored> (Minor issue)
        NOTE: 
https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
        NOTE: https://github.com/gpac/gpac/issues/1265
        NOTE: https://github.com/gpac/gpac/issues/1266
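Review bot: The added "[buster] - gpac <ignored> (Minor issue)" line for CVE-2020-19481 is not covered by the commit message, which lists only "NFUs" and "puppet n/a". The reason text is also generic: the entry already lists a fixed version (1.0.1+dfsg1-2) and an upstream commit, so the parenthetical should say why buster will not get that fix. Suggest mentioning the gpac triage in the commit message and making the reason specific.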



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb3def19f0ba7fc7a44edbefffae08fd0990e93a
