[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) Sun, 14 Nov 2021 00:30:47 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f2a6f439 by Salvatore Bonaccorso at 2021-11-14T09:30:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,7 @@ CVE-2021-3947 [NVME: Arbitrary Memory Read]
 CVE-2021-3946
        RESERVED
 CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of 
Input Duri ...)
-       TODO: check
+       NOT-FOR-US: django-helpdesk
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote 
attackers (fro ...)
        TODO: check
 CVE-2021-3944
@@ -524,7 +524,7 @@ CVE-2021-43411 (An issue was discovered in GNU Hurd before 
0.9 20210404-9. When
 CVE-2021-43410
        RESERVED
 CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-       TODO: check
+       NOT-FOR-US: twill
 CVE-2021-43409
        RESERVED
 CVE-2021-43408
@@ -7787,7 +7787,7 @@ CVE-2021-41256
 CVE-2021-41255
        RESERVED
 CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in 
running  ...)
-       TODO: check
+       NOT-FOR-US: kustomize-controller
 CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis 
versions v ...)
        - zydis <unfixed> (bug #999431)
        NOTE: 
https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
@@ -11951,7 +11951,7 @@ CVE-2021-39476
 CVE-2021-39475
        RESERVED
 CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router 
supported a ...)
-       TODO: check
+       NOT-FOR-US: Docsis UBC1319BA00 Router
 CVE-2021-39473
        RESERVED
 CVE-2021-39472
@@ -22640,7 +22640,7 @@ CVE-2021-3610 [heap-based buffer overflow in 
ReadTIFFImage() in coders/tiff.c]
        - imagemagick <not-affected> (Specific to Imagemagick 7)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
 CVE-2021-35053 (Possible system denial of service in case of arbitrary 
changing Firefo ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2021-35052
        RESERVED
 CVE-2021-35051
@@ -25532,7 +25532,7 @@ CVE-2021-33802
 CVE-2021-33801
        RESERVED
 CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain 
function ...)
-       TODO: check
+       NOT-FOR-US: Alibaba Druid
 CVE-2021-33799
        RESERVED
 CVE-2021-33798
@@ -45425,7 +45425,7 @@ CVE-2021-25982
 CVE-2021-25981
        RESERVED
 CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, 
v0.2020.22 ...)
-       TODO: check
+       NOT-FOR-US: Talkyard
 CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an 
insuffi ...)
        NOT-FOR-US: Apostrophe CMS
 CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable 
to Stor ...)
@@ -50721,7 +50721,7 @@ CVE-2021-23786
 CVE-2021-23785
        RESERVED
 CVE-2021-23784 (This affects the package tempura before 0.4.0. If the input to 
the esc ...)
-       TODO: check
+       NOT-FOR-US: tempura
 CVE-2021-23783
        RESERVED
 CVE-2021-23782
@@ -51041,7 +51041,7 @@ CVE-2021-23626
 CVE-2021-23625
        RESERVED
 CVE-2021-23624 (This affects the package dotty before 0.1.2. A type confusion 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Node dotty
 CVE-2021-23623
        RESERVED
 CVE-2021-23622
@@ -51271,7 +51271,7 @@ CVE-2021-23511
 CVE-2021-23510
        RESERVED
 CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type 
confusion vulne ...)
-       TODO: check
+       NOT-FOR-US: Node json-ptr
 CVE-2021-23508
        RESERVED
 CVE-2021-23507
@@ -52753,7 +52753,7 @@ CVE-2021-22872 (Revive Adserver before 5.1.0 is 
vulnerable to a reflected cross-
 CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager 
account t ...)
        NOT-FOR-US: Revive Adserver
 CVE-2021-22870 (A path traversal vulnerability was identified in GitHub Pages 
builds o ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise 
Server a ...)
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22868 (A path traversal vulnerability was identified in GitHub 
Enterprise Ser ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a6f4393abb96da7eb356211aac34b5e9061762

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a6f4393abb96da7eb356211aac34b5e9061762
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to