[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 20 20:50:42 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7843e73 by Salvatore Bonaccorso at 2021-12-20T21:50:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3829,7 +3829,7 @@ CVE-2021-44161
 CVE-2021-44160
 	RESERVED
 CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privi ...)
-	TODO: check
+	NOT-FOR-US: 4MOSAn GCB Doctor
 CVE-2021-44158
 	RESERVED
 CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
@@ -3854,7 +3854,7 @@ CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and
 	NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
 CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local  ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Insight Agent
 CVE-2021-4006
 	RESERVED
 CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -4861,7 +4861,7 @@ CVE-2021-43832
 CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
 	TODO: check
 CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security  ...)
 	NOT-FOR-US: PatrOwl
 CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security  ...)
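Review bot: CVE-2021-43831 (Gradio), in the context directly above the changed entry, is still `TODO: check` after this commit. If it was triaged in the same pass, resolve it here too; if it needs a package search first it can stay, but it is easy to overlook between two processed entries.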
@@ -4879,7 +4879,7 @@ CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph
 CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...)
 	NOT-FOR-US: Jackalope Doctrine-DBAL
 CVE-2021-43821 (Opencast is an Open Source Lecture Capture & Video Management for  ...)
-	TODO: check
+	NOT-FOR-US: Opencast
 CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...)
 	- seafile-server <itp> (bug #865830)
 	NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
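Review bot: For CVE-2021-43821 the description calls Opencast open source, so before settling on `NOT-FOR-US: Opencast` it is worth confirming that no ITP or RFP exists for it. Where one does, the file tracks the package instead, as the seafile-server entry just below does with `- seafile-server <itp> (bug #865830)`. The same check applies to the other open source projects marked in this commit.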
@@ -4914,7 +4914,7 @@ CVE-2021-43808 (Laravel is a web application framework. Laravel prior to version
 	NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
 	NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
 CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for  ...)
-	TODO: check
+	NOT-FOR-US: Opencast
 CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of  ...)
 	NOT-FOR-US: Tuleap
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
@@ -6735,7 +6735,7 @@ CVE-2021-43442
 CVE-2021-43441
 	RESERVED
 CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
-	TODO: check
+	NOT-FOR-US: iOrder
 CVE-2021-43439
 	RESERVED
 CVE-2021-43438
@@ -9002,7 +9002,7 @@ CVE-2021-42915
 CVE-2021-42914
 	RESERVED
 CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...)
-	TODO: check
+	NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
 CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
 	NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
 CVE-2021-42911
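Review bot: Style point on the CVE-2021-42913 line: the label `SyncThru Web Service on Samsung SCX-6x55X printers` leads with the component and reads as a sentence, whereas the neighbouring entry leads with the vendor (`FiberHome ONU GPON AN5506-04-F RP2617`). Something like `NOT-FOR-US: Samsung SyncThru Web Service` would be easier to grep and to match against later CVEs for the same product.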
@@ -19263,7 +19263,7 @@ CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services
 CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
 	- electron <itp> (bug #842420)
 CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...)
-	TODO: check
+	NOT-FOR-US: Owncast
 CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...)
 	NOT-FOR-US: EnroCrypt
 CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
@@ -127720,7 +127720,7 @@ CVE-2020-8107
 CVE-2020-8106
 	REJECTED
 CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...)
-	TODO: check
+	NOT-FOR-US: Abode iota All-In-One Security Kit
 CVE-2020-8104
 	RESERVED
 CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7843e73d56da2bce06b18b9676935066b0af9f9
