[Git][security-tracker-team/security-tracker][master] buster/bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Dec 13 15:46:29 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1cefdd8b by Moritz Muehlenhoff at 2021-12-13T16:45:45+01:00
buster/bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2992,6 +2992,8 @@ CVE-2021-43798 (Grafana is an open-source platform for monitoring and observabil
- grafana <removed>
CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
- netty <unfixed> (bug #1001437)
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
CVE-2021-43796
@@ -31665,6 +31667,8 @@ CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4
NOT-FOR-US: Nagios XI
CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
- nagvis 1:1.9.29-1
+ [bullseye] - nagvis <no-dsa> (Minor issue)
+ [buster] - nagvis <no-dsa> (Minor issue)
TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
NOT-FOR-US: Nagios XI
@@ -77845,6 +77849,7 @@ CVE-2020-27512
CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...)
- prototypejs <unfixed> (bug #991898)
[bullseye] - prototypejs <no-dsa> (Minor issue)
+ [buster] - prototypejs <no-dsa> (Minor issue)
[stretch] - prototypejs <no-dsa> (Minor issue)
NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
@@ -107696,6 +107701,8 @@ CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the
NOT-FOR-US: Foxit Reader
CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
- cacti 1.2.19+ds1-1
+ [bullseye] - cacti <no-dsa> (Minor issue)
+ [buster] - cacti <no-dsa> (Minor issue)
[stretch] - cacti <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Cacti/cacti/pull/4261
NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cefdd8b44ef101b84116f1569cee8fba2e77eb4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cefdd8b44ef101b84116f1569cee8fba2e77eb4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211213/f70588ae/attachment.htm>
More information about the debian-security-tracker-commits
mailing list