bullseye triage

Moritz Muehlenhoff (@jmm) Mon, 13 Dec 2021 07:46:41 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1cefdd8b by Moritz Muehlenhoff at 2021-12-13T16:45:45+01:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2992,6 +2992,8 @@ CVE-2021-43798 (Grafana is an open-source platform for 
monitoring and observabil
        - grafana <removed>
 CVE-2021-43797 (Netty is an asynchronous event-driven network application 
framework fo ...)
        - netty <unfixed> (bug #1001437)
+       [bullseye] - netty <no-dsa> (Minor issue)
+       [buster] - netty <no-dsa> (Minor issue)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
        NOTE: 
https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 
(netty-4.1.71.Final)
 CVE-2021-43796
@@ -31665,6 +31667,8 @@ CVE-2021-33179 (The general user interface in Nagios XI 
versions prior to 5.8.4
        NOT-FOR-US: Nagios XI
 CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions 
prior to 2 ...)
        - nagvis 1:1.9.29-1
+       [bullseye] - nagvis <no-dsa> (Minor issue)
+       [buster] - nagvis <no-dsa> (Minor issue)
        TODO: check, affects nagvis plugin used in Nagios XI and should be 
fixed in 2.0.9, 
https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
 CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions 
prior to 5. ...)
        NOT-FOR-US: Nagios XI
@@ -77845,6 +77849,7 @@ CVE-2020-27512
 CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML 
components i ...)
        - prototypejs <unfixed> (bug #991898)
        [bullseye] - prototypejs <no-dsa> (Minor issue)
+       [buster] - prototypejs <no-dsa> (Minor issue)
        [stretch] - prototypejs <no-dsa> (Minor issue)
        NOTE: 
https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
        NOTE: 
https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
@@ -107696,6 +107701,8 @@ CVE-2020-14425 (Foxit Reader before 10.0 allows 
Remote Command Execution via the
        NOT-FOR-US: Foxit Reader
 CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via 
templat ...)
        - cacti 1.2.19+ds1-1
+       [bullseye] - cacti <no-dsa> (Minor issue)
+       [buster] - cacti <no-dsa> (Minor issue)
        [stretch] - cacti <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/Cacti/cacti/pull/4261
        NOTE: 
https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c 
(release/1.2.18)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cefdd8b44ef101b84116f1569cee8fba2e77eb4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cefdd8b44ef101b84116f1569cee8fba2e77eb4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Reply via email to