[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Dec 23 14:04:15 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25707ed3 by Salvatore Bonaccorso at 2021-12-23T15:03:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5411,7 +5411,7 @@ CVE-2021-43849
 CVE-2021-43848
 	RESERVED
 CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...)
-	TODO: check
+	NOT-FOR-US: HumHub Social Network Kit Enterprise
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
 	TODO: check
 CVE-2021-43845
@@ -5427,7 +5427,7 @@ CVE-2021-43841
 CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In  ...)
 	TODO: check
 CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
-	TODO: check
+	NOT-FOR-US: Cronos
 CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
 	TODO: check
 CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
@@ -5514,7 +5514,7 @@ CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12
 CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
 	TODO: check
 CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius at 8 ...)
-	TODO: check
+	NOT-FOR-US: Mercurius
 CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...)
 	NOT-FOR-US: Wiki.js
 CVE-2021-43799
@@ -9248,7 +9248,7 @@ CVE-2021-43053
 CVE-2021-43052
 	RESERVED
 CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
-	TODO: check
+	NOT-FOR-US: Spotfire Server component of TIBCO
 CVE-2021-43050
 	RESERVED
 CVE-2021-43049
@@ -22245,7 +22245,7 @@ CVE-2021-38184
 CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
 	NOT-FOR-US: SAP
 CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can  ...)
-	TODO: check
+	NOT-FOR-US: Kyma
 CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
 	NOT-FOR-US: SAP
 CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25707ed36752dec1a20243cab66767da5deaf3b7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25707ed36752dec1a20243cab66767da5deaf3b7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211223/772daa7d/attachment.htm>
