[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jan 14 21:02:17 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eff1ac6d by Moritz Muehlenhoff at 2021-01-14T22:01:55+01:00
NFUs
lldpd no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2510,7 +2510,7 @@ CVE-2021-23938
 CVE-2021-23937
 	RESERVED
 CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2021-3137
 	RESERVED
 CVE-2021-3136
@@ -2609,9 +2609,9 @@ CVE-2021-23902
 CVE-2021-23901
 	RESERVED
 CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an  ...)
-	TODO: check
+	NOT-FOR-US: OWASP json-sanitizer
 CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDA ...)
-	TODO: check
+	NOT-FOR-US: OWASP json-sanitizer
 CVE-2021-23898
 	RESERVED
 CVE-2021-23897
@@ -7140,7 +7140,7 @@ CVE-2021-21724
 CVE-2021-21723
 	RESERVED
 CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21721
 	RESERVED
 CVE-2021-21720
@@ -21804,6 +21804,7 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.
 CVE-2020-27827 [lldp: avoid memory leak from bad packets]
 	RESERVED
 	- lldpd 1.0.8-1
+	[buster] - lldpd <no-dsa> (Minor issue)
 	- openvswitch <unfixed>
 	NOTE: https://github.com/openvswitch/ovs/pull/337
 	NOTE: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eff1ac6d8212f02291cb5775bcc9d3528ba46b40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eff1ac6d8212f02291cb5775bcc9d3528ba46b40
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210114/70eba6dc/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list