[Git][security-tracker-team/security-tracker][master] new ckeditor, rust-xcb issues

Moritz Muehlenhoff jmm at debian.org
Wed Jan 27 09:22:08 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1320fc4 by Moritz Muehlenhoff at 2021-01-27T10:21:45+01:00
new ckeditor, rust-xcb issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection. asyn ...)
-	TODO: check
+	NOT-FOR-US: KLog Server
 CVE-2021-3316
 	RESERVED
 CVE-2021-3315
@@ -15,11 +15,13 @@ CVE-2021-3311
 CVE-2021-3310
 	RESERVED
 CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
-	TODO: check
+	- ckeditor <unfixed>
+	NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
 CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
-	TODO: check
+	- ckeditor <unfixed>
+	NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
 CVE-2021-26270
 	RESERVED
 CVE-2021-3307
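Review bot: both new `- ckeditor <unfixed>` lines in this hunk carry no Debian bug reference, so nothing ties the unfixed status to the BTS; the tracker normally records the filed bug beside the package line, e.g. `- ckeditor <unfixed> (bug #NNNNNN)` (placeholder number). The NOTE URL points at the 4.16 section of the upstream changelog, which reads as the release that addressed these ReDoS issues; stating that upstream version explicitly in the NOTE line would let the entry be re-checked against the packaged version without following the link.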
@@ -905,9 +907,10 @@ CVE-2020-36207 (An issue was discovered in the aovec crate through 2020-12-10 fo
 CVE-2020-36206 (An issue was discovered in the rusb crate before 0.7.0 for Rust. Becau ...)
 	NOT-FOR-US: Rust crate rusb
 CVE-2020-36205 (An issue was discovered in the xcb crate through 2020-12-10 for Rust.  ...)
-	TODO: check
+	- rust-xcb <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0097.html
 CVE-2020-36204 (An issue was discovered in the im crate through 2020-11-09 for Rust. B ...)
-	TODO: check
+	NOT-FOR-US: Rust crate im
 CVE-2020-36203 (An issue was discovered in the reffers crate through 2020-12-01 for Ru ...)
 	NOT-FOR-US: Rust crate reffers
 CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for Rust. R ...)
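Review bot: `- rust-xcb <unfixed>` is added without a bug reference, like the ckeditor lines, and the NOTE records only the RUSTSEC-2020-0097 advisory URL; if that advisory names a patched crate release, recording it in the NOTE line would make it clear whether a fix exists to pull in or whether the crate is still unpatched upstream.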
@@ -1149,7 +1152,7 @@ CVE-2021-25866
 CVE-2021-25865
 	RESERVED
 CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Direct ...)
-	TODO: check
+	NOT-FOR-US: node-red-contrib-huemagic
 CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...)
 	NOT-FOR-US: Open5GS
 CVE-2021-25862
@@ -2392,7 +2395,7 @@ CVE-2021-3167
 CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...)
 	NOT-FOR-US: ASUS devices
 CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser acco ...)
-	TODO: check
+	NOT-FOR-US: SmartAgent
 CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
 	NOT-FOR-US: ChurchRota
 CVE-2021-3163
@@ -6663,7 +6666,7 @@ CVE-2021-23274
 CVE-2021-23273
 	RESERVED
 CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-23271
 	RESERVED
 CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers  ...)
@@ -9032,7 +9035,7 @@ CVE-2021-3016
 CVE-2021-3015
 	RESERVED
 CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...)
-	TODO: check
+	NOT-FOR-US: The Proofpoint Insider Threat Management
 CVE-2021-22158
 	RESERVED
 CVE-2021-22157
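Review bot: the new `NOT-FOR-US: The Proofpoint Insider Threat Management` line is inconsistent with the other NOT-FOR-US lines in this change, which name the vendor or product without a leading article (`NOT-FOR-US: Flarum`, `NOT-FOR-US: TIBCO`); suggest `NOT-FOR-US: Proofpoint Insider Threat Management`.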
@@ -12023,7 +12026,7 @@ CVE-2021-21285
 CVE-2021-21284
 	RESERVED
 CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...)
-	TODO: check
+	NOT-FOR-US: Flarum
 CVE-2021-21282
 	RESERVED
 CVE-2021-21281
@@ -12033,7 +12036,7 @@ CVE-2021-21280
 CVE-2021-21279
 	RESERVED
 CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed generat ...)
-	TODO: check
+	NOT-FOR-US: RSSHub
 CVE-2021-21277
 	RESERVED
 CVE-2021-21276
@@ -12047,7 +12050,7 @@ CVE-2021-21273
 CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
 	NOT-FOR-US: ORAS
 CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)
-	TODO: check
+	NOT-FOR-US: Tendermint
 CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used  ...)
 	NOT-FOR-US: OctopusDSC
 CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
@@ -21319,9 +21322,9 @@ CVE-2021-1073
 CVE-2021-1072
 	RESERVED
 CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
 	NOT-FOR-US: NVIDIA
 CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1320fc40fc10ba7cd3d85357e33f8d7e44effad


