[Git][security-tracker-team/security-tracker][master] NFUs and two ITPs
Neil Williams (@codehelp)
codehelp at debian.org
Fri Dec 3 11:35:05 GMT 2021
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54f0f060 by Neil Williams at 2021-12-03T11:34:53+00:00
NFUs and two ITPs
libredwg and libretime
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3127,13 +3127,13 @@ CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS)
CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
NOT-FOR-US: nZEDb
CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
- TODO: check
+ - libretime <itp> (bug #888687)
CVE-2021-43684
RESERVED
CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
- TODO: check
+ NOT-FOR-US: pictshare
CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
- TODO: check
+ NOT-FOR-US: ThinkPHP BJY Blog
CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
NOT-FOR-US: SakuraPanel
CVE-2021-43680
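Review bot: the label on CVE-2021-43682, `NOT-FOR-US: ThinkPHP BJY Blog`, does not match the upstream name given in the description (`thinkphp-bjyblog`), so a later grep of data/CVE/list for the project name will miss this entry. Suggest `NOT-FOR-US: thinkphp-bjyblog`, in line with the neighbouring entries (`nZEDb`, `SakuraPanel`, `pictshare`), which reuse the name as the description spells it.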
@@ -4047,7 +4047,7 @@ CVE-2021-43329
CVE-2021-43328
RESERVED
CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
- TODO: check
+ NOT-FOR-US: Renesas
CVE-2021-43326
RESERVED
CVE-2021-43325
@@ -6508,7 +6508,7 @@ CVE-2021-42713
CVE-2021-42712
RESERVED
CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
- TODO: check
+ NOT-FOR-US: Barracuda Network Access Client
CVE-2021-42710
RESERVED
CVE-2021-42709
@@ -6806,7 +6806,7 @@ CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
NOT-FOR-US: myfactory.FMS
CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
- TODO: check
+ NOT-FOR-US: Cryptshare Server
CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
NOT-FOR-US: NI Service Locator
CVE-2021-3893
@@ -43262,9 +43262,9 @@ CVE-2021-28239
CVE-2021-28238
RESERVED
CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2021-28235
RESERVED
CVE-2021-28234
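Review bot: the two `- libredwg <itp> (bug #595191)` lines for CVE-2021-28237 and CVE-2021-28236 carry no NOTE recording the affected upstream release, although both descriptions name LibreDWG v0.12.3. A short NOTE line under each entry stating that version would tell whoever picks up the ITP which release to check for the heap-buffer overflow and the NULL pointer dereference before the first upload.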
@@ -47223,7 +47223,7 @@ CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution.
CVE-2021-26613
RESERVED
CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
- TODO: check
+ NOT-FOR-US: Tobesoft Nexacro
CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
NOT-FOR-US: HejHome GKW-IC052 IP Camera
CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
@@ -47895,7 +47895,7 @@ CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may
CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
NOT-FOR-US: AMD
CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
NOT-FOR-US: AMD
CVE-2021-26332
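Review bot: `NOT-FOR-US: AMD` on CVE-2021-26334 names only the vendor, while the description concerns the AMDPowerProfiler.sys driver of the μProf tool, not the SMU and Platform Security Processor issues in the surrounding entries. Naming the product, for example `NOT-FOR-US: AMD uProf`, would keep a later search from lumping this entry in with the firmware ones.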
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54f0f0609bb39f919f7b3cc55231b74eed3cdb30