[Git][security-tracker-team/security-tracker][master] new liblivemedia issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 18 22:26:02 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f66fdf8f by Moritz Muehlenhoff at 2021-08-18T23:25:30+02:00
new liblivemedia issues
NFUs
nextcloud-client n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,15 +9,19 @@ CVE-2021-39288
CVE-2021-39287
RESERVED
CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
- TODO: check
+ NOT-FOR-US: Webrecorder pywb
CVE-2021-39285
RESERVED
CVE-2021-39284
RESERVED
CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
- TODO: check
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
- TODO: check
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
CVE-2021-39281
RESERVED
CVE-2021-39280
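Review bot: the `[buster] - liblivemedia <ignored>` lines on CVE-2021-39283 and CVE-2021-39282 give only "(Minor issue)" as the reason, and both entries carry the same live-devel post as their sole NOTE. A few words on the impact behind the triage (the descriptions mention an assertion and a memory leak) and a NOTE naming the upstream release that fixes each issue would let a later reader verify the buster decision without opening the mailing-list thread.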
@@ -43,7 +47,7 @@ CVE-2021-39272
CVE-2021-39271
RESERVED
CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...)
- TODO: check
+ NOT-FOR-US: Ping Identity RSA SecurID Integration Kit
CVE-2021-39269
RESERVED
CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
@@ -1193,7 +1197,7 @@ CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
NOT-FOR-US: OneNav
CVE-2021-38710 (** DISPUTED ** Static (Persistent) XSS Vulnerability exists in version ...)
- TODO: check
+ NOT-FOR-US: Yclas
CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
NOT-FOR-US: ocProducts Composr CMS
CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
@@ -3515,13 +3519,13 @@ CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagi
CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
NOT-FOR-US: Discourse
CVE-2021-37702 (Pimcore is an open source data & experience management platform. P ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2021-37701
RESERVED
CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
NOT-FOR-US: Node paste-markdown
CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
- TODO: check
+ NOT-FOR-US: next.js
CVE-2021-37698
RESERVED
CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
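Review bot: the tag added for CVE-2021-37699 is written `NOT-FOR-US: next.js` in lowercase, while the description on the line above spells the product "Next.js" and the other tags in this hunk follow the product's own capitalisation (Discourse, Pimcore). Suggest `NOT-FOR-US: Next.js` so a case-sensitive search of the list for the product name finds the entry.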
@@ -3699,7 +3703,8 @@ CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
NOTE: https://github.com/Exiv2/exiv2/pull/1759
CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- TODO: check
+ - nextcloud-desktop <not-affected> (Doesn't affect Nextcloud client as shipped in Debian)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
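Review bot: the `<not-affected>` reason on CVE-2021-37617, "Doesn't affect Nextcloud client as shipped in Debian", states the conclusion but not the cause. Say what differs in the Debian package (platform, build option, or the version in which the affected code was introduced) so the claim can be checked against the GHSA-6q2w-v879-q24v advisory cited in the NOTE and revisited when the package is updated.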
@@ -4261,7 +4266,7 @@ CVE-2021-37360
CVE-2021-37359
RESERVED
CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: SEACMS
CVE-2021-37357
RESERVED
CVE-2021-37356
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f66fdf8f15535ba18f2067095b0975f6a88e16ef