[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 27 22:47:08 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56959d72 by Moritz Mühlenhoff at 2021-08-27T23:46:40+02:00
NFUs
new gitlab issues
crossbeam-deque no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1174,7 +1174,7 @@ CVE-2021-39604
CVE-2021-39603
RESERVED
CVE-2021-39602 (A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd fu ...)
- TODO: check
+ NOT-FOR-US: Miniftpd
CVE-2021-39601
RESERVED
CVE-2021-39600
@@ -1669,7 +1669,7 @@ CVE-2020-36476 (An issue was discovered in Mbed TLS before 2.24.0 (and before 2.
CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
- mbedtls 2.16.9-0.1
CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...)
- TODO: check
+ NOT-FOR-US: ReCaptcha Solver
CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...)
- evolution-rss <unfixed>
[stretch] - evolution-rss <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -2151,15 +2151,15 @@ CVE-2021-39171
CVE-2021-39170
RESERVED
CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
- TODO: check
+ NOT-FOR-US: Misskey
CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2021-39166
RESERVED
CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...)
- TODO: check
+ NOT-FOR-US: Cachet
CVE-2021-39164
RESERVED
CVE-2021-39163
@@ -2169,11 +2169,11 @@ CVE-2021-39162
CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
- TODO: check
+ NOT-FOR-US: nbgitpuller
CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
- TODO: check
+ NOT-FOR-US: BinderHub
CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...)
- TODO: check
+ NOT-FOR-US: NVCaffe
CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...)
NOT-FOR-US: detect-character-encoding
CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...)
@@ -2243,7 +2243,7 @@ CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back
CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
- TODO: check
+ NOT-FOR-US: go-ethereum
CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...)
NOT-FOR-US: baserCMS
CVE-2021-39135
@@ -10610,7 +10610,7 @@ CVE-2021-35467
CVE-2021-35466
RESERVED
CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...)
- TODO: check
+ NOT-FOR-US: ARM
CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
NOT-FOR-US: ForgeRock
CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
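Review bot: "NOT-FOR-US: ARM" at CVE-2021-35465 names the vendor rather than the affected component, unlike the other NOT-FOR-US lines in this commit, which name a concrete product or package; since the visible description only says "Certain Arm products before 2021-08-23", consider replacing the tag text with the specific product once the affected component is identified, so a later grep of the list does not have to re-triage it.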
@@ -14821,7 +14821,7 @@ CVE-2021-33607
CVE-2021-33606
RESERVED
CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...)
- TODO: check
+ NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
NOT-FOR-US: com.vaadin:flow-server
CVE-2021-33603
@@ -16701,6 +16701,8 @@ CVE-2021-32811 (Zope is an open-source web application server. Zope versions pri
NOTE: only affects specific versions using Python3 with options enabled..
CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
- rust-crossbeam-deque <unfixed> (bug #993146)
+ [bullseye] - rust-crossbeam-deque <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam-deque <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
- ckeditor 4.16.2+dfsg-1 (bug #992291)
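Review bot: the two new no-dsa lines for rust-crossbeam-deque (bullseye and buster) justify the decision only with "(Minor issue)", while the unstable line still reads "<unfixed> (bug #993146)" and the NOTE line cites RUSTSEC-2021-0093; a short phrase on why the issue is minor for the stable releases would make the no-dsa call easier to revisit if the unstable fix lands or the advisory is reassessed.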
@@ -16857,7 +16859,7 @@ CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd
CVE-2021-32759
RESERVED
CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2021-32757
RESERVED
CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...)
@@ -42550,7 +42552,7 @@ CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authe
CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...)
- gitlab <unfixed>
CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...)
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...)
@@ -42558,7 +42560,7 @@ CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE
CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
- gitlab <unfixed>
CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...)
- gitlab <not-affected> (Vulnerable code intrododuced later)
CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
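Review bot: the unchanged context line for CVE-2021-22248 reads "(Vulnerable code intrododuced later)" with a typo in "introduced"; it is not part of this change, but the same wording appears correctly spelled at CVE-2021-22252 in the previous hunk, so it is worth correcting in a follow-up commit.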
@@ -42568,11 +42570,11 @@ CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2,
CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...)
- gitlab <unfixed>
CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...)
- gitlab <unfixed>
CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56959d72bc85c7ea9cd4b1bddaf643b039c3c3bd
--