[Git][security-tracker-team/security-tracker][master] new golang-gogoprotobuf issue
Moritz Muehlenhoff
jmm at debian.org
Thu Jan 21 11:12:26 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0907e376 by Moritz Muehlenhoff at 2021-01-21T12:11:53+01:00
new golang-gogoprotobuf issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3838,7 +3838,8 @@ CVE-2021-3123
CVE-2021-3122
RESERVED
CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
- TODO: check
+ - golang-gogoprotobuf <unfixed>
+ NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
CVE-2021-3120
RESERVED
CVE-2021-3119
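Review bot: the added `- golang-gogoprotobuf <unfixed>` line for CVE-2021-3121 has no bug reference, unlike other unfixed entries in this file such as `- openrc <unfixed> (bug #973245)`. Once a bug is filed against the package, add its number here so the entry can be followed to closure. The CVE description names 1.3.2 as the first fixed upstream release, so that is the version to compare against when replacing `<unfixed>` with a fixed version.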
@@ -4870,7 +4871,7 @@ CVE-2021-23328
CVE-2021-23327
RESERVED
CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
- TODO: check
+ NOT-FOR-US: graphql-tools/git-loader
CVE-2021-23325
RESERVED
CVE-2021-23324
@@ -10357,7 +10358,7 @@ CVE-2021-21271
CVE-2021-21270
RESERVED
CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
- TODO: check
+ NOT-FOR-US: Keymaker
CVE-2021-21268
RESERVED
CVE-2021-21267
@@ -13203,7 +13204,7 @@ CVE-2020-35493 (A flaw exists in binutils in bfd/pef.c. An attacker who is able
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25307
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2a3559d54602cecfec6d90f792be4a70ad918ab
NOTE: NOTE: binutils not covered by security support
-CVE-2020-35492 [cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes]
+CVE-2020-35492 [cairo: buffer overflow in image compositor]
RESERVED
{DLA-2518-1}
- cairo 1.16.0-5 (bug #978658)
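Review bot: the reworded bracket description for CVE-2020-35492 drops the function name `composite_boxes`, which was the only pointer to the affected code in the visible part of this entry. Consider keeping the function name in the new wording, or adding a NOTE line with the upstream reference if the entry does not already have one further down. The commit message mentions only the gogoprotobuf issue and NFUs, so this description change is easy to miss in the log; a third line in the message would cover it.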
@@ -13903,7 +13904,7 @@ CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the
CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Con ...)
NOT-FOR-US: FluxBB
CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The Cs ...)
- TODO: check
+ NOT-FOR-US: CakePHP
CVE-2020-35238
RESERVED
CVE-2020-35237
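Review bot: `NOT-FOR-US: CakePHP` on CVE-2020-35239 records that the software is not packaged in Debian, while the description limits the issue to versions 4.0.x through 4.1.3. Please confirm that no cakephp source package is in the archive. If one is, a package line marked `<not-affected>` with a short reason (vulnerable code only present in 4.x) would record the triage result more accurately than NOT-FOR-US.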
@@ -15200,7 +15201,7 @@ CVE-2021-2001 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2021-2000 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
NOT-FOR-US: Oracle
CVE-2021-1999 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-1998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2021-1997 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
@@ -19584,11 +19585,11 @@ CVE-2021-1071
CVE-2021-1070
RESERVED
CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
NOT-FOR-US: NVIDIA vGPU manager
CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
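Review bot: the three SHIELD TV entries (CVE-2021-1069, CVE-2021-1068, CVE-2021-1067) are tagged with the vendor only, `NOT-FOR-US: NVIDIA`, while the neighbouring CVE-2021-1066 names the product, `NOT-FOR-US: NVIDIA vGPU manager`. Suggest `NOT-FOR-US: NVIDIA SHIELD TV` on all three so the tag states which product was judged out of scope and stays consistent with the adjacent entries.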
@@ -23421,7 +23422,7 @@ CVE-2020-27737
CVE-2020-27736
RESERVED
CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
- TODO: check
+ NOT-FOR-US: Wing FTP
CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
- openrc <unfixed> (bug #973245)
[buster] - openrc <no-dsa> (Minor issue)
@@ -24761,7 +24762,7 @@ CVE-2020-27300
CVE-2020-27299
RESERVED
CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1 ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-27297
RESERVED
CVE-2020-27296
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0907e37602176c4f176b41f799b3eb9fa914b199