Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5f2078e7 by Neil Williams at 2022-01-25T10:53:43+00:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6738,7 +6738,7 @@ CVE-2021-4173 (vim is vulnerable to Use After Free ...)
NOTE: Introduced after:
https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c
(v8.2.0695)
NOTE: Fixed by:
https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04
(v8.2.3902)
CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository
star7th/showd ...)
- TODO: check
+ NOT-FOR-US: showdoc
CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
NOT-FOR-US: calibre-web
CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation.
This aff ...)
@@ -10070,7 +10070,7 @@ CVE-2021-23148
CVE-2021-44759
RESERVED
CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO
extensio ...)
- TODO: check
+ NOT-FOR-US: mcafee
CVE-2021-4087
RESERVED
CVE-2021-4086
@@ -68848,7 +68848,8 @@ CVE-2021-22567 (Bidirectional Unicode text can be
interpreted and compiled diffe
CVE-2021-22566 (An incorrect setting of UXN bits within
mmu_flags_to_s1_pte_attr lead ...)
TODO: check
CVE-2021-22565 (An attacker could prematurely expire a verification code,
making it un ...)
- TODO: check
+ NOT-FOR-US: Google reference COVID19 exposure verification component
+ NOTE:
https://github.com/google/exposure-notifications-verification-server
CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger
than an i ...)
- jpeg-xl <not-affected> (Fixed with initial upload to Debian)
NOTE: https://github.com/libjxl/libjxl/issues/708
@@ -76468,7 +76469,7 @@ CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version
2.08B01 is vulnerable to comm
CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an
authentication ...)
NOT-FOR-US: Trendnet
CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force
the dev ...)
- TODO: check
+ NOT-FOR-US: Trendnet
CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an
improper access ...)
NOT-FOR-US: Trendnet
CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of
hardcoded cred ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f2078e73d22facb47bc3a69decdc9d8fb0ecf8b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f2078e73d22facb47bc3a69decdc9d8fb0ecf8b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
