[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Feb 14 13:20:10 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94ba48c7 by Moritz Muehlenhoff at 2021-02-14T14:19:32+01:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,9 +69,9 @@ CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered
 CVE-2021-27189
 	RESERVED
 CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
-	TODO: check
+	NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
 CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
-	TODO: check
+	NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
 CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...)
 	NOT-FOR-US: Fluent Bit
 CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...)
@@ -1016,11 +1016,11 @@ CVE-2021-26755
 CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...)
 	NOT-FOR-US: wpDataTables WordPress plugin
 CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2021-26750
 	RESERVED
 CVE-2021-26749
@@ -22563,9 +22563,9 @@ CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user coul
 CVE-2020-28646
 	RESERVED
 CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
-	TODO: check
+	- owncloud <removed>
 CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
-	TODO: check
+	- owncloud <removed>
 CVE-2020-28643
 	RESERVED
 CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...)
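
Review bot: The "- owncloud <removed>" lines for CVE-2020-28645 and CVE-2020-28644 cannot be verified from the entries themselves, because the truncated descriptions shown ("Deleting users with certain names ..." and "The CSRF (Cross Site Request Forgery) token check ...") never name the product. Consider adding a NOTE line under each entry that points to the upstream advisory, so a later reader can confirm the mapping to owncloud without leaving the file.
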
@@ -23668,9 +23668,9 @@ CVE-2020-28598
 CVE-2020-28597
 	RESERVED
 CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
-	TODO: check
+	NOT-FOR-US: PrusaSlicer
 CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj()  ...)
-	TODO: check
+	NOT-FOR-US: PrusaSlicer
 CVE-2020-28594
 	RESERVED
 CVE-2020-28593
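
Review bot: "NOT-FOR-US: PrusaSlicer" on CVE-2020-28596 and CVE-2020-28595 closes both entries as software that is not in the archive, while the visible descriptions only point at the affected code ("Objparser::o ..." and "Obj.cpp load_obj()"). Before this stands, it is worth confirming that no Debian source package ships that OBJ loading code, under this name or another. If one does, the entries should carry a package status line instead of NOT-FOR-US.
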


=====================================
data/dsa-needed.txt
=====================================
@@ -24,7 +24,7 @@ linux (carnil)
 netty
   Markus Koschany possibly can prepare update
 --
-php7.3
+php7.3 (jmm)
   Maintainer proposed an update via 7.3.27
 --
 python-pysaml2
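
Review bot: The "php7.3 (jmm)" claim in data/dsa-needed.txt is a different kind of change from the triage in data/CVE/list, and the commit subject "NFUs" does not mention it. Putting the claim in its own commit, or naming it in the subject, would make it findable in the history when someone later checks who took the php7.3 update and when.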



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94ba48c73b705cdd44f7d3f5c453909c11c86c14
