[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Apr 22 09:55:22 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
caccc624 by Moritz Muehlenhoff at 2021-04-22T10:54:27+02:00
NFUs
commit ref for sidekiq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3030,6 +3030,7 @@ CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the q
 	- ruby-sidekiq <unfixed>
 	[stretch] - ruby-sidekiq <no-dsa> (Minor issue)
 	NOTE: https://github.com/mperham/sidekiq/issues/4852
+	NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
 CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
 	NOT-FOR-US: Composr
 CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
@@ -4565,7 +4566,7 @@ CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of U
 	NOTE: https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
 CVE-2021-29461 (### Impact - This issue could be exploited to read internal files from ...)
-	TODO: check
+	NOT-FOR-US: Discord-Recon
 CVE-2021-29460
 	RESERVED
 CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -7480,7 +7481,7 @@ CVE-2021-28169
 CVE-2021-28168
 	RESERVED
 CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...)
-	TODO: check
+	NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...)
 	- mosquitto 2.0.10-1 (bug #986701)
 	[buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
@@ -22907,9 +22908,9 @@ CVE-2020-36122
 CVE-2020-36121
 	RESERVED
 CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsix ...)
-	- libsixel <undetermined>
+	- libsixel <unfixed>
+	[buster] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/143
-	TODO: check details
 CVE-2020-36119
 	RESERVED
 CVE-2020-36118



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caccc6243e3cac19fa92cb47acd61225f79cb214

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caccc6243e3cac19fa92cb47acd61225f79cb214
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210422/ec2aa619/attachment.htm>

More information about the debian-security-tracker-commits mailing list