[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Dec 13 15:46:29 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1cefdd8b by Moritz Muehlenhoff at 2021-12-13T16:45:45+01:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2992,6 +2992,8 @@ CVE-2021-43798 (Grafana is an open-source platform for monitoring and observabil
 	- grafana <removed>
 CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
 	- netty <unfixed> (bug #1001437)
+	[bullseye] - netty <no-dsa> (Minor issue)
+	[buster] - netty <no-dsa> (Minor issue)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
 	NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
 CVE-2021-43796
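Review bot: The reason on the two added netty lines, "(Minor issue)", does not say what makes this minor for bullseye and buster, and the CVE description in this hunk is truncated, so the rationale is only reachable through the GHSA link in the NOTE. A more specific reason in the parentheses would make the triage decision readable from data/CVE/list alone, particularly while the unstable entry is still <unfixed> (bug #1001437).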
@@ -31665,6 +31667,8 @@ CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4
 	NOT-FOR-US: Nagios XI
 CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
 	- nagvis 1:1.9.29-1
+	[bullseye] - nagvis <no-dsa> (Minor issue)
+	[buster] - nagvis <no-dsa> (Minor issue)
 	TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
 CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
 	NOT-FOR-US: Nagios XI
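Review bot: The "TODO: check" line directly below the two added <no-dsa> entries is still open, so nagvis is triaged as minor for bullseye and buster before the check it asks for is recorded as done. That TODO also names 2.0.9 as the version where this should be fixed, while the entry records 1:1.9.29-1 as fixed. If the check has been made, replace the TODO with a NOTE stating the outcome and which version carries the fix, so the triage lines rest on a resolved entry.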
@@ -77845,6 +77849,7 @@ CVE-2020-27512
 CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...)
 	- prototypejs <unfixed> (bug #991898)
 	[bullseye] - prototypejs <no-dsa> (Minor issue)
+	[buster] - prototypejs <no-dsa> (Minor issue)
 	[stretch] - prototypejs <no-dsa> (Minor issue)
 	NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
 	NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
@@ -107696,6 +107701,8 @@ CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the
 	NOT-FOR-US: Foxit Reader
 CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
 	- cacti 1.2.19+ds1-1
+	[bullseye] - cacti <no-dsa> (Minor issue)
+	[buster] - cacti <no-dsa> (Minor issue)
 	[stretch] - cacti <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Cacti/cacti/pull/4261
 	NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18)
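Review bot: The added "[buster] - cacti <no-dsa>" line treats buster's cacti as affected, while the "[stretch]" line right after it is "<not-affected> (Vulnerable code not present)", and nothing in the entry says where the vulnerable code was introduced. Worth confirming that the code changed in the referenced commit d12800ab479ad95a091bc577f28fd99ec95eb64c exists in the buster version; if it does not, "[buster] - cacti <not-affected> (Vulnerable code not present)" would be the accurate entry, and a NOTE naming the introducing version would settle it for both suites.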



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cefdd8b44ef101b84116f1569cee8fba2e77eb4
