[Git][security-tracker-team/security-tracker][master] consul n/a

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 24 22:45:49 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
081ba4b7 by Moritz Muehlenhoff at 2021-12-24T23:45:20+01:00
consul n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -323,7 +323,7 @@ CVE-2022-21155
 CVE-2022-21137
 	RESERVED
 CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
-	TODO: check
+	NOT-FOR-US: Node windows
 CVE-2021-4154 [cgroup: verify that source is a string]
 	RESERVED
 	- linux 5.14.6-1
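Review bot: The NOT-FOR-US tag on CVE-2021-45459 spells the product "Node windows", while the CVE description on the line above names the package node-windows. Using the upstream spelling, "NOT-FOR-US: node-windows", keeps the entry greppable by package name and matches how the other entries in this commit (pytorch-lightning, jsx-slack, cordova-plugin-fingerprint-aio) are tagged.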
@@ -1790,7 +1790,7 @@ CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross
 CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: bookstack
 CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data ...)
-	TODO: check
+	NOT-FOR-US: pytorch-lightning
 CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
 	NOT-FOR-US: yetiforcecrm
 CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During  ...)
@@ -3068,7 +3068,7 @@ CVE-2021-4074
 CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
-	TODO: check
+	NOT-FOR-US: elgg
 CVE-2021-4071
 	RESERVED
 CVE-2021-44674
@@ -3324,7 +3324,7 @@ CVE-2021-44550
 CVE-2021-4070
 	RESERVED
 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of  ...)
-	TODO: check
+	NOT-FOR-US: Apache Sling
 CVE-2021-4069 (vim is vulnerable to Use After Free ...)
 	- vim <unfixed>
 	NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
@@ -5479,7 +5479,7 @@ CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python
 	NOTE: https://github.com/nltk/nltk/pull/2869
 	NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6)
 CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...)
-	TODO: check
+	NOT-FOR-US: Ajax.NET Professional
 CVE-2021-43852
 	RESERVED
 CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
@@ -5487,19 +5487,19 @@ CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking ap
 CVE-2021-43850
 	RESERVED
 CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...)
-	TODO: check
+	NOT-FOR-US: cordova-plugin-fingerprint-aio
 CVE-2021-43848
 	RESERVED
 CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...)
 	NOT-FOR-US: HumHub Social Network Kit Enterprise
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
-	TODO: check
+	NOT-FOR-US: solidus_frontend
 CVE-2021-43845
 	RESERVED
 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...)
 	NOT-FOR-US: MSEdgeRedirect
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
-	TODO: check
+	NOT-FOR-US: jsx-slack
 CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
 	NOT-FOR-US: Wiki.js
 CVE-2021-43841
@@ -5509,7 +5509,7 @@ CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web client
 CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
 	NOT-FOR-US: Cronos
 CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
-	TODO: check
+	NOT-FOR-US: jsx-slack
 CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
 	TODO: check
 CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
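Review bot: CVE-2021-43837 (vault-cli), directly below the changed jsx-slack entry, still reads "TODO: check" after this triage pass. If it was left open on purpose because it needs a closer look than an NFU tag, that is fine; otherwise it should be resolved in the same batch so the block is not left half-triaged.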
@@ -5523,7 +5523,7 @@ CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams
 CVE-2021-43832
 	RESERVED
 CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
-	TODO: check
+	NOT-FOR-US: gradio
 CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
 	NOT-FOR-US: OpenProject
 CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security  ...)
@@ -5531,7 +5531,7 @@ CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Sec
 CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security  ...)
 	NOT-FOR-US: PatrOwl
 CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...)
-	TODO: check
+	NOT-FOR-US: discourse-footnote
 CVE-2021-43826
 	RESERVED
 CVE-2021-43825
@@ -13533,9 +13533,8 @@ CVE-2021-41807
 CVE-2021-41806
 	RESERVED
 CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
-	- consul <unfixed>
+	- consul <not-affected> (Only affects Consul Enterprise)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
-	TODO: check details, fixing commit
 CVE-2021-41804
 	RESERVED
 CVE-2021-41803
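Review bot: On CVE-2021-41805 the "TODO: check details, fixing commit" line is dropped, so the only recorded rationale is the parenthetical on the "- consul <not-affected>" line. That agrees with the CVE description and the HCSEC-2021-29 URL, both of which name Consul Enterprise, so the status change looks consistent. A short NOTE naming the Enterprise-only feature involved (the URL slug points at namespace default ACLs) would let a later reader confirm the not-affected status without opening the advisory.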



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/081ba4b75e0e5075ee6381732a3becce20217c56
