Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7843e73 by Salvatore Bonaccorso at 2021-12-20T21:50:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3829,7 +3829,7 @@ CVE-2021-44161
 CVE-2021-44160
        RESERVED
 CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper 
user privi ...)
-       TODO: check
+       NOT-FOR-US: 4MOSAn GCB Doctor
 CVE-2021-44158
        RESERVED
 CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 
and befo ...)
@@ -3854,7 +3854,7 @@ CVE-2021-4008 (A flaw was found in xorg-x11-server in 
versions before 21.1.2 and
        NOTE: 
https://lists.x.org/archives/xorg-announce/2021-December/003122.html
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
 CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a 
local  ...)
-       TODO: check
+       NOT-FOR-US: Rapid7 Insight Agent
 CVE-2021-4006
        RESERVED
 CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) 
...)
@@ -4861,7 +4861,7 @@ CVE-2021-43832
 CVE-2021-43831 (Gradio is an open source framework for building interactive 
machine le ...)
        TODO: check
 CVE-2021-43830 (OpenProject is a web-based project management software. 
OpenProject ve ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating 
Security  ...)
        NOT-FOR-US: PatrOwl
 CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating 
Security  ...)
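Review bot: CVE-2021-43831 (Gradio), the context entry directly above the changed line, still carries `TODO: check` after this hunk, so this run of entries is only partly triaged. If it was looked at in the same pass, its result could be recorded here as well; if it was left open on purpose, no change is needed.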
@@ -4879,7 +4879,7 @@ CVE-2021-43823 (Sourcegraph is a code search and 
navigation engine. Sourcegraph
 CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP 
Content Reposi ...)
        NOT-FOR-US: Jackalope Doctrine-DBAL
 CVE-2021-43821 (Opencast is an Open Source Lecture Capture & Video 
Management for  ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token 
is used i ...)
        - seafile-server <itp> (bug #865830)
        NOTE: 
https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
@@ -4914,7 +4914,7 @@ CVE-2021-43808 (Laravel is a web application framework. 
Laravel prior to version
        NOTE: 
https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
        NOTE: 
https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b
 (v6.20.42)
 CVE-2021-43807 (Opencast is an Open Source Lecture Capture &amp; Video 
Management for  ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end 
traceability of  ...)
        NOT-FOR-US: Tuleap
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on 
Rails. Vers ...)
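Review bot: The description on the CVE-2021-43807 context line contains an HTML-escaped `&amp;`, while the same Opencast description under CVE-2021-43821 in the previous hunk has a plain `&`. The added tag itself matches that hunk (`NOT-FOR-US: Opencast`); the escaped entity in the description text is a separate inconsistency in the file that may be worth normalising.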
@@ -6735,7 +6735,7 @@ CVE-2021-43442
 CVE-2021-43441
        RESERVED
 CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of 
iOrder 1.0 a ...)
-       TODO: check
+       NOT-FOR-US: iOrder
 CVE-2021-43439
        RESERVED
 CVE-2021-43438
@@ -9002,7 +9002,7 @@ CVE-2021-42915
 CVE-2021-42914
        RESERVED
 CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows 
an attac ...)
-       TODO: check
+       NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
 CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS 
command inj ...)
        NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
 CVE-2021-42911
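Review bot: The tag added for CVE-2021-42913, `NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers`, repeats the description wording, where the other tags in this commit name only the product (`NOT-FOR-US: Owncast`, `NOT-FOR-US: iOrder`). A shorter product-style tag such as `NOT-FOR-US: Samsung SyncThru Web Service` would be easier to search for and to reuse on later entries for the same product.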
@@ -19263,7 +19263,7 @@ CVE-2021-39185 (Http4s is a minimal, idiomatic Scala 
interface for HTTP services
 CVE-2021-39184 (Electron is a framework for writing cross-platform desktop 
application ...)
        - electron <itp> (bug #842420)
 CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming 
and chat s ...)
-       TODO: check
+       NOT-FOR-US: Owncast
 CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior 
to vers ...)
        NOT-FOR-US: EnroCrypt
 CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). 
Prior to ver ...)
@@ -127720,7 +127720,7 @@ CVE-2020-8107
 CVE-2020-8106
        REJECTED
 CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect 
handler of A ...)
-       TODO: check
+       NOT-FOR-US: Abode iota All-In-One Security Kit
 CVE-2020-8104
        RESERVED
 CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in 
Bitdefen ...)
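Review bot: On CVE-2020-8105 the added tag names `Abode iota All-In-One Security Kit`, but the description visible in this hunk is cut off at "handler of A ...", so the product cannot be confirmed from the diff alone. It is worth checking the tag against the full CVE description before merging, since every other tag in this commit can be matched to the product name shown in its description line.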



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7843e73d56da2bce06b18b9676935066b0af9f9
