[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 14 21:06:34 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25055397 by Salvatore Bonaccorso at 2021-01-14T22:06:18+01:00
Process NFUs

- - - - -
2ac1c822 by Salvatore Bonaccorso at 2021-01-14T22:06:20+01:00
Add CVE-2021-21241/flask-security

The description of the CVE fetched from MITRE looks confusing because
referring only to the "Flask-Security-Too" package which is a fork of
flask-security. But the issue was fixed in the flask-security project.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9293,7 +9293,11 @@ CVE-2021-21243
 CVE-2021-21242
 	RESERVED
 CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding security fe ...)
-	TODO: check
+	- flask-security <unfixed>
+	NOTE: https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv
+	NOTE: https://github.com/Flask-Middleware/flask-security/pull/422
+	NOTE: https://github.com/Flask-Middleware/flask-security/commit/c05afe837e83f20f59c0fb409ce1240341d1ec41 (master)
+	NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5)
 CVE-2021-21240
 	RESERVED
 CVE-2021-21239
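Review bot: the entry for CVE-2021-21241 does not record why it is filed against flask-security when its description line names "Flask-Security-Too"; that reasoning is only in the commit message. A short NOTE under the entry saying the MITRE text refers to the fork while the fix landed in flask-security would keep the explanation with the data. The package line is `<unfixed>` while the last two NOTE lines point at fix commits tagged (master) and (3.4.5), so the entry will need a fixed version once one is available.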
@@ -16251,15 +16255,15 @@ CVE-2020-29021
 CVE-2020-29020
 	RESERVED
 CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through  ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-29017 (An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3 ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-29016 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through  ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0 through  ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-29014
 	RESERVED
 CVE-2020-29013
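Review bot: all five added lines use the same tag, "NOT-FOR-US: Fortiguard", but the description lines name two different products: FortiWeb for CVE-2020-29019, -29018, -29016 and -29015, and FortiDeceptor for CVE-2020-29017. Naming the product in each tag would let a later search of data/CVE/list by product name find these entries, since the descriptions are truncated.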



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eff1ac6d8212f02291cb5775bcc9d3528ba46b40...2ac1c82293b053e085c922c4186a8b756a1b666f
