[Git][security-tracker-team/security-tracker][master] new rust-rand-code issue

Moritz Muehlenhoff jmm at debian.org
Thu Feb 18 16:36:00 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ef8cd66 by Moritz Muehlenhoff at 2021-02-18T17:35:32+01:00
new rust-rand-code issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,12 @@
 CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust.  ...)
-	TODO: check
+	- rust-rand-core <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
 CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...)
-	TODO: check
+	NOT-FOR-US: Rust crate yottadb
 CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate nb-connect
 CVE-2021-27375 (Traefik 2.4.3 allows the loading of IFRAME elements from other domains ...)
-	TODO: check
+	NOT-FOR-US: Traefik
 CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
 	NOT-FOR-US: VertiGIS WebOffice
 CVE-2021-27373
@@ -21,7 +22,7 @@ CVE-2021-27369
 CVE-2021-27368
 	RESERVED
 CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2021-27366
 	RESERVED
 CVE-2021-27365
@@ -31,7 +32,7 @@ CVE-2021-27364
 CVE-2021-27363
 	RESERVED
 CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: GramAddict
 CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...)
 	NOT-FOR-US: WPG plugin for IrfanView
 CVE-2021-27361



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef8cd661e1a045d3989ba541d70b693974221e9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef8cd661e1a045d3989ba541d70b693974221e9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210218/02ba438f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list