[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Aug 15 22:26:04 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10173a7f by Moritz Muehlenhoff at 2021-08-15T23:25:34+02:00
NFUs
new ffmpeg non issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2021-38701
CVE-2021-38700
RESERVED
CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
- TODO: check
+ NOT-FOR-US: TastyIgniter
CVE-2021-38698
RESERVED
CVE-2021-38697
@@ -253,7 +253,7 @@ CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMap
NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd
NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c
CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...)
- TODO: check
+ NOT-FOR-US: Wasm3
CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...)
NOT-FOR-US: LG mobile devices
CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...)
@@ -355,7 +355,7 @@ CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote
CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...)
NOT-FOR-US: CREATIVE Pebble devices
CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...)
- TODO: check
+ NOT-FOR-US: Raspberry Pi hardware
CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...)
NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
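Review bot: The label added for CVE-2021-38545, "NOT-FOR-US: Raspberry Pi hardware", is worded differently from the neighbouring entries in this hunk, which name the affected product the way the CVE description does ("NOT-FOR-US: CREATIVE Pebble devices", "NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices"). Consider "NOT-FOR-US: Raspberry Pi 3 B+ and 4 B devices" so that a text search over the NOT-FOR-US labels finds these related entries with one pattern.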
@@ -904,7 +904,10 @@ CVE-2021-38293
CVE-2021-38292
RESERVED
CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
- TODO: check
+ - ffmpeg <unfixed> (unimportant)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
+ NOTE: https://trac.ffmpeg.org/ticket/9312
+ NOTE: Negligible security impact
CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
NOT-FOR-US: FUEL CMS
CVE-2021-38289
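Review bot: On CVE-2021-38291, the added "NOTE: Negligible security impact" states the conclusion without the reason, and the commitdiff NOTE does not say whether e01d306c647b5827102260b885faa223b646d2d1 is the upstream fix or the change that introduced the problem. Since the entry is tracked as "- ffmpeg <unfixed> (unimportant)", a short rationale for the unimportant rating and a label on the commit's role would let a later triager confirm the decision without rereading the ticket. The git.videolan.org link is also plain http while the trac link is https; use https there as well if the host serves it.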
@@ -2298,21 +2301,21 @@ CVE-2021-37702
CVE-2021-37701
RESERVED
CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
- TODO: check
+ NOT-FOR-US: Node paste-markdown
CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
TODO: check
CVE-2021-37698
RESERVED
CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
- TODO: check
+ NOT-FOR-US: tmerc-cogs
CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
- TODO: check
+ NOT-FOR-US: tmerc-cogs
CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
- ckeditor <unfixed>
NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
- TODO: check
+ NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template
CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
NOT-FOR-US: Discourse
CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
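Review bot: The label added for CVE-2021-37700, "NOT-FOR-US: Node paste-markdown", drops the npm scope that the description gives (@github/paste-markdown), while the label added for CVE-2021-37694 in the same hunk keeps the full scoped name "@asyncapi/java-spring-cloud-stream-template". Pick one convention for npm packages within the commit; "NOT-FOR-US: @github/paste-markdown" would match the description and stay unambiguous if an unscoped package of the same name ever needs an entry.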
@@ -3104,7 +3107,7 @@ CVE-2021-37328
CVE-2021-37327
RESERVED
CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...)
- TODO: check
+ NOT-FOR-US: NetSarang Xshell
CVE-2021-37325
RESERVED
CVE-2021-37324
@@ -16711,7 +16714,7 @@ CVE-2021-31568
CVE-2021-31557
RESERVED
CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension OAuth
CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
NOT-FOR-US: MediaWiki extension OAuth
CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
@@ -25416,7 +25419,7 @@ CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity
CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
NOT-FOR-US: Open5GS
CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the robots. ...)
- TODO: check
+ NOT-FOR-US: Virtual Robots.txt
CVE-2021-28120
RESERVED
CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...)
@@ -40277,7 +40280,7 @@ CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog fun
CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the command-line ...)
NOT-FOR-US: Xmill (AT&T Labs)
CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is under co ...)
- TODO: check
+ NOT-FOR-US: Xmill (AT&T Labs)
CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is under co ...)
NOT-FOR-US: Xmill (AT&T Labs)
CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10173a7f2901069d096cfa172f9f902a419db71d