Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ccf0c358 by Moritz Muehlenhoff at 2021-11-01T09:35:51+01:00
NFUs
remove TODO for libstd, codebases which embed it not security relevant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1043,16 +1043,14 @@ CVE-2021-3894
CVE-2021-42717
RESERVED
CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM
loader incorr ...)
- - libstb <undetermined>
+ - libstb <unfixed>
NOTE: https://github.com/nothings/stb/issues/1166
NOTE: https://github.com/nothings/stb/issues/1225
NOTE: https://github.com/nothings/stb/pull/1223
- TODO: check libstb itself, and various packages embedd a copy
CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27.
The HDR ...)
- - libstb <undetermined>
+ - libstb <unfixed>
NOTE: https://github.com/nothings/stb/issues/1224
NOTE: https://github.com/nothings/stb/pull/1223
- TODO: check libstb itself, and various packages embedd a copy
CVE-2021-42714
RESERVED
CVE-2021-42713
@@ -1094,7 +1092,7 @@ CVE-2021-42696
CVE-2021-42695
RESERVED
CVE-2021-42694 (An issue was discovered in the character definitions of the
Unicode Sp ...)
- TODO: check
+ NOT-FOR-US: Unicode spec
CVE-2021-42693
RESERVED
CVE-2021-42692
@@ -5438,7 +5436,7 @@ CVE-2021-3813
CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection
in the w ...)
NOT-FOR-US: NETGEAR
CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center
allow authe ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-41312
RESERVED
CVE-2021-41311
@@ -5712,7 +5710,7 @@ CVE-2021-41196
CVE-2021-41195
RESERVED
CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps
new use ...)
- TODO: check
+ NOT-FOR-US: FirstUseAuthenticator for JupyterHub
CVE-2021-41193
RESERVED
CVE-2021-41192
@@ -5771,9 +5769,9 @@ CVE-2021-41170
CVE-2021-41169 (Sulu is an open-source PHP content management system based on
the Symf ...)
NOT-FOR-US: Sulu
CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown
parser used ...)
- TODO: check
+ NOT-FOR-US: Snudown
CVE-2021-41167 (modern-async is an open source JavaScript tooling library for
asynchro ...)
- TODO: check
+ NOT-FOR-US: modern-async
CVE-2021-41166
RESERVED
CVE-2021-41165
@@ -5819,9 +5817,9 @@ CVE-2021-41152 (OpenOlat is a web-based e-learning
platform for teaching, learni
CVE-2021-41151 (Backstage is an open platform for building developer portals.
In affec ...)
NOT-FOR-US: Backstage
CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and
generat ...)
- TODO: check
+ NOT-FOR-US: Tough
CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and
generat ...)
- TODO: check
+ NOT-FOR-US: Tough
CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end
traceab ...)
NOT-FOR-US: Tuleap
CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end
traceab ...)
@@ -12384,7 +12382,7 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge
requests for the same MP3 s
NOTE:
http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has
Insecure Permi ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise
CVE-2021-38378
RESERVED
CVE-2021-38377
@@ -16352,7 +16350,7 @@ CVE-2021-36758 (1Password Connect server before 1.2 is
missing validation checks
CVE-2021-36757
RESERVED
CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL
Certificate ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise
CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows
XSS via ...)
NOT-FOR-US: Nightscout Web Monitor
CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows
anybody to cra ...)
@@ -122264,8 +122262,6 @@ CVE-2020-6619 (stb stb_truetype.h through 1.22 has an
assertion failure in stbtt
NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer
over-read in s ...)
- libstb <unfixed> (unimportant; bug #949555)
- [bullseye] - libstb <no-dsa> (Minor issue)
- [buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/866
NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in
stbtt__cff ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccf0c3583ccc915d928af60614e88a0171ab6836
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccf0c3583ccc915d928af60614e88a0171ab6836
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
