[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Feb 11 11:17:21 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef0e02db by Moritz Muehlenhoff at 2021-02-11T12:17:04+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2021-27187
CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...)
NOT-FOR-US: Fluent Bit
CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...)
- TODO: check
+ NOT-FOR-US: Node samba-client
CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...)
NOT-FOR-US: Pelco Digital Sentry Server
CVE-2021-27183
@@ -501,9 +501,9 @@ CVE-2021-26941
CVE-2021-26940
RESERVED
CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 becaus ...)
- TODO: check
+ NOT-FOR-US: henriquedornas
CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...)
- TODO: check
+ NOT-FOR-US: henriquedornas
CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of ...)
- xterm 366-1 (bug #982439)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
@@ -534,7 +534,7 @@ CVE-2021-3403
- libytnef <unfixed>
NOTE: https://github.com/Yeraze/ytnef/issues/85
CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...)
- TODO: check
+ NOT-FOR-US: ReplaySorcery
CVE-2021-26935
RESERVED
CVE-2021-26934
@@ -8746,7 +8746,7 @@ CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to
CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...)
NOT-FOR-US: Node iniparserjs
CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...)
- TODO: check
+ NOT-FOR-US: apexcharts
CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
NOT-FOR-US: graphql-tools/git-loader
CVE-2021-23325
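Review bot: The tag added for CVE-2021-23327 reads "NOT-FOR-US: apexcharts", while the entry directly above it is tagged "Node iniparserjs" and the CVE-2021-27185 change in this same commit uses "Node samba-client". If apexcharts is likewise an npm package, "NOT-FOR-US: Node apexcharts" would keep the ecosystem visible to anyone searching the list later. The neighbouring graphql-tools/git-loader entry shows the prefix is not applied uniformly, so this is a consistency suggestion only.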
@@ -9096,7 +9096,7 @@ CVE-2021-3035
CVE-2021-3034
RESERVED
CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...)
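Review bot: The new tag on CVE-2021-3033 names only the vendor ("NOT-FOR-US: Palo Alto Networks"), whereas the next entry, CVE-2021-3032, is tagged "Palo Alto Networks PAN-OS". In this file the description is cut off before the product name, so a vendor-only tag leaves the affected product unrecorded here. Suggest naming the product in the tag, as the adjacent entry does.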
@@ -13424,13 +13424,13 @@ CVE-2021-21438
CVE-2021-21437
RESERVED
CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
- TODO: check
+ NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
- otrs2 <unfixed>
[buster] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...)
- TODO: check
+ NOT-FOR-US: OTRS Survey addon
CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
- cockpit <unfixed>
[bullseye] - cockpit <ignored> (Minor issue)
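Review bot: The two tags added in this hunk use different forms for the same kind of component: "OTRSCIsInCustomerFrontend (OTRS addon)" for CVE-2021-21436 and "OTRS Survey addon" for CVE-2021-21434. The CVE-2020-1779 change later in this commit also uses the "(OTRS addon)" suffix, so "Survey (OTRS addon)" would make all three consistent. Because CVE-2021-21435, which sits between them, is tracked against otrs2, a short NOTE confirming that these addons are not shipped in that package would help the next person triaging OTRS advisories.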
@@ -92546,7 +92546,7 @@ CVE-2020-1781
CVE-2020-1780
RESERVED
CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can use OTRS ...)
- TODO: check
+ NOT-FOR-US: OTRSTicketForms (OTRS addon)
CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with LDAP), ...)
- otrs2 <not-affected> (Only affects 8.x)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef0e02db3c77d987a96e5ba4c590d137d90c24c8