[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

Fri Aug 27 21:30:20 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27a403ff by Salvatore Bonaccorso at 2021-08-27T22:25:35+02:00
Process one NFU

- - - - -
f3c04d4d by Salvatore Bonaccorso at 2021-08-27T22:29:46+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2167,7 +2167,7 @@ CVE-2021-39163
 CVE-2021-39162
 	RESERVED
 CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
 	TODO: check
 CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
@@ -8101,9 +8101,9 @@ CVE-2021-36533
 CVE-2021-36532
 	RESERVED
 CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
-	TODO: check
+	NOT-FOR-US: ngiflib
 CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
-	TODO: check
+	NOT-FOR-US: ngiflib
 CVE-2021-36529
 	RESERVED
 CVE-2021-36528
@@ -10866,7 +10866,7 @@ CVE-2021-35344
 CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
 	NOT-FOR-US: SeedDMS
 CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
-	TODO: check
+	NOT-FOR-US: Northern.tech
 CVE-2021-35341
 	RESERVED
 CVE-2021-35340
@@ -24652,7 +24652,7 @@ CVE-2021-29746
 CVE-2021-29745
 	RESERVED
 CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29743
 	RESERVED
 CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
@@ -28316,7 +28316,7 @@ CVE-2021-28235
 CVE-2021-28234
 	RESERVED
 CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...)
-	TODO: check
+	NOT-FOR-US: ok-file-formats
 CVE-2021-28232
 	RESERVED
 CVE-2021-28231
@@ -34210,7 +34210,7 @@ CVE-2021-3266
 CVE-2021-3265
 	RESERVED
 CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in p ...)
-	TODO: check
+	NOT-FOR-US: cxuucms
 CVE-2021-3263
 	RESERVED
 CVE-2021-3262
@@ -76582,7 +76582,7 @@ CVE-2020-20677
 CVE-2020-20676
 	RESERVED
 CVE-2020-20675 (Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoods ...)
-	TODO: check
+	NOT-FOR-US: Nuishop
 CVE-2020-20674
 	RESERVED
 CVE-2020-20673
@@ -80002,15 +80002,15 @@ CVE-2020-19004
 CVE-2020-19003
 	RESERVED
 CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Mezzanine CMS
 CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Simiki
 CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote  ...)
-	TODO: check
+	NOT-FOR-US: Simiki
 CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
-	TODO: check
+	NOT-FOR-US: Blog_mini
 CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
-	TODO: check
+	NOT-FOR-US: Blog_mini
 CVE-2020-18997
 	RESERVED
 CVE-2020-18996



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/92a065de80a317d2105e39fcaae9c14b1cf2db5f...f3c04d4d8ffb2efd3d4ee12003a4e66bfb3bcfbd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/92a065de80a317d2105e39fcaae9c14b1cf2db5f...f3c04d4d8ffb2efd3d4ee12003a4e66bfb3bcfbd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210827/560c7e9e/attachment.htm>
