[Git][security-tracker-team/security-tracker][master] new babel issue

Moritz Muehlenhoff jmm at debian.org
Fri Apr 30 12:01:53 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc6157cc by Moritz Muehlenhoff at 2021-04-30T13:00:16+02:00
new babel issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2021-31921
 CVE-2021-31920
 	RESERVED
 CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate rkyv
 CVE-2021-31918
 	RESERVED
 	NOT-FOR-US: tripleo-ansible
@@ -3752,9 +3752,9 @@ CVE-2021-30221
 CVE-2021-30220
 	RESERVED
 CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...)
-	TODO: check
+	NOT-FOR-US: samurai
 CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...)
-	TODO: check
+	NOT-FOR-US: samurai
 CVE-2021-30217
 	RESERVED
 CVE-2021-30216
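Review bot: before the two `NOT-FOR-US: samurai` lines at CVE-2021-30219 and CVE-2021-30218 are committed, confirm that samurai is really absent from the Debian archive; `NOT-FOR-US` asserts the software is not packaged at all, and if a `samurai` source package exists the right form would be `- samurai <unfixed>` (or `<unimportant>` with a reason such as "crash in a build tool on attacker-controlled input only") so the two NULL pointer dereferences stay visible against the package.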
@@ -5472,7 +5472,7 @@ CVE-2021-29486
 CVE-2021-29485
 	RESERVED
 CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig'  ...)
 	NOT-FOR-US: ManageWiki MediaWiki extension
 CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
@@ -5854,7 +5854,7 @@ CVE-2021-29352
 CVE-2021-29351
 	RESERVED
 CVE-2021-29350 (SQL injection in the getip function in conn/function.php in 发&# ...)
-	TODO: check
+	NOT-FOR-US: Online video course
 CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...)
 	- mahara <removed>
 CVE-2021-29348
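Review bot: the `NOT-FOR-US: Online video course` label at CVE-2021-29350 is ambiguous because the CVE description is cut off exactly at a mangled product name (`发&#`), so the reason text carries no searchable project name; spelling out the upstream project (or adding a NOTE with its URL) would let a later triager match this entry if the software is ever requested for packaging.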
@@ -25360,7 +25360,7 @@ CVE-2021-21390 (MinIO is an open-source high performance object storage service
 CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
 	NOT-FOR-US: BuddyPress WordPress plugin
 CVE-2021-21388 (systeminformation is an open source system and OS information library  ...)
-	TODO: check
+	NOT-FOR-US: Node systeminformation
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
 	NOT-FOR-US: Wrongthink
 CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)
@@ -28906,7 +28906,8 @@ CVE-2021-20097
 CVE-2021-20096
 	RESERVED
 CVE-2021-20095 (Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbi ...)
-	TODO: check
+	- python-babel <unfixed>
+	NOTE: https://www.tenable.com/security/research/tra-2021-14
 CVE-2021-20094
 	RESERVED
 CVE-2021-20093
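Review bot: the new `- python-babel <unfixed>` line at CVE-2021-20095 has no Debian bug reference or severity marker, and the only NOTE is the Tenable advisory rather than an upstream fix, so the affected version range cannot yet be bounded; consider adding the bug number once filed (e.g. `- python-babel <unfixed> (bug #NNNNNN)`, NNNNNN being a placeholder) and a NOTE pointing at the upstream fix commit or fixed release, plus per-suite entries for stable if the path traversal in Babel 2.9.0 also affects the shipped version.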
@@ -48902,7 +48903,7 @@ CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB
 	[stretch] - giflib <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/giflib/bugs/151/
 CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_c ...)
-	TODO: check
+	NOT-FOR-US: fast_ber
 CVE-2020-23920
 	RESERVED
 CVE-2020-23919
@@ -48914,9 +48915,13 @@ CVE-2020-23917
 CVE-2020-23916
 	RESERVED
 CVE-2020-23915 (An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ...)
-	TODO: check
+	TODO: retroarch and salmon embed peglib, check if it's actually a security issue
+	NOTE: https://github.com/yhirose/cpp-peglib/commit/b3b29ce8f3acf3a32733d930105a17d7b0ba347e
+	NOTE: https://github.com/yhirose/cpp-peglib/issues/122
 CVE-2020-23914 (An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer  ...)
-	TODO: check
+	TODO: retroarch and salmon embed peglib, check if it's actually a security issue
+	NOTE: https://github.com/yhirose/cpp-peglib/commit/0061f393de54cf0326621c079dc2988336d1ebb3
+	NOTE: https://github.com/yhirose/cpp-peglib/issues/121
 CVE-2020-23913
 	RESERVED
 CVE-2020-23912 (An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer d ...)
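Review bot: the two TODO lines at CVE-2020-23915 and CVE-2020-23914 name retroarch and salmon as embedding cpp-peglib but add no package entries, so neither package is linked to these CVEs while the triage is pending; adding `- retroarch <unfixed>` and `- salmon <unfixed>` next to the TODO (to be downgraded to `<unimportant>` or `<not-affected>` once the impact of the embedded copy is judged) would keep the embedded-code exposure tracked, and the identical TODO text on both entries could point at one shared triage outcome.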



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc6157cc8392c38c527a08ceb1676aeef852e565
