[Git][security-tracker-team/security-tracker][master] Process NFUs

Thu, 16 Sep 2021 00:47:36 -0700 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0749f48a by Neil Williams at 2021-09-16T08:47:09+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -867,15 +867,15 @@ CVE-2021-3798 [Soft token does not check if an EC key is 
valid]
 CVE-2021-40865
        RESERVED
 CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String 
Comparison ...)
-       TODO: check
+       NOT-FOR-US: Hestia Control Panel
 CVE-2021-3796 (vim is vulnerable to Use After Free ...)
        - vim <unfixed>
        NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
        NOTE: 
https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 
(v8.2.3428)
 CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression 
Complexit ...)
-       TODO: check
+       NOT-FOR-US: Node semver-regex
 CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression 
Complexity ...)
-       TODO: check
+       NOT-FOR-US: vuelidate for Vue.js
 CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for 
ONLYOFFIC ...)
        NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
 CVE-2021-40863
@@ -992,11 +992,11 @@ CVE-2021-3787
 CVE-2021-3786
        RESERVED
 CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
-       TODO: check
+       NOT-FOR-US: yourls
 CVE-2021-3784
        RESERVED
 CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
-       TODO: check
+       NOT-FOR-US: yourls
 CVE-2021-3782
        RESERVED
 CVE-2021-3781 [Include device specifier strings in access validation]
@@ -1306,7 +1306,7 @@ CVE-2021-3778 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
        NOTE: 
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f 
(v8.2.3409)
 CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression 
Complexity ...)
-       TODO: check
+       NOT-FOR-US: nodejs-tmpl
 CVE-2021-40681
        RESERVED
 CVE-2021-40680
@@ -42747,7 +42747,7 @@ CVE-2021-23437 (The package pillow from 0 and before 
8.3.2 are vulnerable to Reg
 CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion 
vulnerab ...)
        NOT-FOR-US: Node immer
 CVE-2021-23435 (This affects the package clearance before 2.5.0. The 
vulnerability can ...)
-       TODO: check
+       NOT-FOR-US: Rails clearance gem
 CVE-2021-23434 (This affects the package object-path before 0.11.6. A type 
confusion v ...)
        - node-object-path 0.11.7-1
        [bullseye] - node-object-path <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0749f48aeab894afd672fe719d200013935ea1e0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0749f48aeab894afd672fe719d200013935ea1e0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to