Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bc85871f by Neil Williams at 2022-01-25T14:59:06+00:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -65292,17 +65292,17 @@ CVE-2021-24048
CVE-2021-24047
RESERVED
CVE-2021-24046 (A logic flaw in Ray-Ban® Stories device software allowed
some par ...)
- TODO: check
+ NOT-FOR-US: Facebook View
CVE-2021-24045 (A type confusion vulnerability could be triggered when
resolving the " ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2021-24044 (By passing invalid javascript code where await and yield were
called u ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2021-24043
RESERVED
CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23,
WhatsApp ...)
- TODO: check
+ NOT-FOR-US: Whatsapp
CVE-2021-24041 (A missing bounds check in image blurring code prior to
WhatsApp for An ...)
- TODO: check
+ NOT-FOR-US: Whatsapp
CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker
with the ...)
NOT-FOR-US: Facebook ParlAI
CVE-2021-24039
@@ -65891,7 +65891,7 @@ CVE-2021-23844
CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and
AmcIpConfig.exe are us ...)
NOT-FOR-US: Bosch
CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art
cryptographic algori ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash()
attempts ...)
{DSA-4855-1 DLA-2565-1 DLA-2563-1}
- openssl 1.1.1j-1
@@ -65986,7 +65986,7 @@ CVE-2021-23826
CVE-2021-23825
RESERVED
CVE-2021-23824 (This affects the package Crow before 0.3+4. When using
attributes with ...)
- TODO: check
+ NOT-FOR-US: CrowCpp
CVE-2021-23823
RESERVED
CVE-2021-23822
@@ -66043,7 +66043,7 @@ CVE-2021-23799
CVE-2021-23798
RESERVED
CVE-2021-23797 (All versions of package http-server-node are vulnerable to
Directory T ...)
- TODO: check
+ NOT-FOR-US: Node http-server
CVE-2021-23796
RESERVED
CVE-2021-23795
@@ -66093,7 +66093,7 @@ CVE-2021-23774
CVE-2021-23773
RESERVED
CVE-2021-23772 (This affects all versions of package github.com/kataras/iris;
all vers ...)
- TODO: check
+ NOT-FOR-US: iris Go web framework
CVE-2021-23771
RESERVED
CVE-2021-23770
@@ -66240,7 +66240,7 @@ CVE-2021-23702
CVE-2021-23701
RESERVED
CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to
Prototype Pollut ...)
- TODO: check
+ NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep).
CVE-2021-23699
RESERVED
CVE-2021-23698
@@ -66312,9 +66312,9 @@ CVE-2021-23666
CVE-2021-23665
RESERVED
CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: cors-proxy
CVE-2021-23663 (All versions of package sey are vulnerable to Prototype
Pollution via ...)
- TODO: check
+ NOT-FOR-US: sey - Deprecated Simple JavaScript build tool
CVE-2021-23662
RESERVED
CVE-2021-23661
@@ -66362,7 +66362,7 @@ CVE-2021-23641
CVE-2021-23640
RESERVED
CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote
Code Execu ...)
- TODO: check
+ NOT-FOR-US: Node md-to-pdf
CVE-2021-23638
RESERVED
CVE-2021-23637
@@ -66378,7 +66378,7 @@ CVE-2021-23633
CVE-2021-23632
RESERVED
CVE-2021-23631 (This affects all versions of package convert-svg-core; all
versions of ...)
- TODO: check
+ NOT-FOR-US: Node convert-svg
CVE-2021-23630
RESERVED
CVE-2021-23629
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc85871f591229f2aed997b9bf45bf62ff4deb51
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc85871f591229f2aed997b9bf45bf62ff4deb51
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
