[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 4 13:39:29 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c13ccdc by Moritz Muehlenhoff at 2021-08-04T14:39:17+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37897,10 +37897,13 @@ CVE-2021-22150
 	RESERVED
 CVE-2021-22149
 	RESERVED
+	NOT-FOR-US: Elastic Enterprise Search
 CVE-2021-22148
 	RESERVED
+	NOT-FOR-US: Elastic Enterprise Search
 CVE-2021-22147
 	RESERVED
+	- elasticsearch <removed>
 CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch “ ...)
 	NOT-FOR-US: Elastic Cloud
 CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...)
@@ -73870,31 +73873,57 @@ CVE-2020-19477
 CVE-2020-19476
 	RESERVED
 CVE-2020-19475 (An issue has been found in function CCITTFaxStream::lookChar in PDF2JS ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19474 (An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 t ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19473 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19472 (An issue has been found in function DCTStream::readHuffSym in PDF2JSON ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19471 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19470 (An issue has been found in function DCTStream::getChar in PDF2JSON 0.7 ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19469 (An issue has been found in function DCTStream::reset in PDF2JSON 0.70  ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19468 (An issue has been found in function EmbedStream::getChar in PDF2JSON 0 ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19467 (An issue has been found in function DCTStream::transformDataUnit in PD ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19466 (An issue has been found in function DCTStream::transformDataUnit in PD ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19465 (An issue has been found in function ObjectStream::getObject in PDF2JSO ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19464 (An issue has been found in function XRef::fetch in PDF2JSON 0.70 that  ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19463 (An issue has been found in function vfprintf in PDF2JSON 0.70 that all ...)
-	TODO: check
+	NOT-FOR-US: pdf2json
+	NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+	NOTE: tracking whether this affects src:poppler
 CVE-2020-19462
 	RESERVED
 CVE-2020-19461



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c13ccdcbe69f766bf53e8150d0da3b56ec3bd6e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c13ccdcbe69f766bf53e8150d0da3b56ec3bd6e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210804/81fe2686/attachment.htm>

More information about the debian-security-tracker-commits mailing list