[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jul 3 22:54:30 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be7dd357 by Moritz Muehlenhoff at 2021-07-03T23:52:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4979,7 +4979,7 @@ CVE-2021-33891
 CVE-2021-33890
 	RESERVED
 CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...)
-	TODO: check
+	NOT-FOR-US: OpenThread wpantund
 CVE-2021-33888
 	RESERVED
 CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...)
@@ -5159,10 +5159,9 @@ CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attacker
 	{DLA-2696-1}
 	- libjdom2-intellij-java <unfixed>
 	- libjdom2-java <unfixed>
-	- libjdom1-java <undetermined>
+	- libjdom1-java <unfixed>
 	NOTE: https://github.com/hunterhacker/jdom/pull/188
 	NOTE: https://alephsecurity.com/vulns/aleph-2021003
-	TODO: check libjdom1-java
 CVE-2021-33812
 	RESERVED
 CVE-2021-33811
@@ -7649,7 +7648,7 @@ CVE-2021-32740
 CVE-2021-32739
 	RESERVED
 CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
-	TODO: check
+	NOT-FOR-US: js-stellar-sdk
 CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)
 	NOT-FOR-US: Sulu
 CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...)
@@ -15598,9 +15597,8 @@ CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the r
 CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...)
 	NOT-FOR-US: bubble fireworks
 CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
-	- golang-github-sylabs-sif <undetermined>
+	- golang-github-sylabs-sif <unfixed>
 	NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
-	TODO: check
 CVE-2021-29498
 	RESERVED
 CVE-2021-29497
@@ -24259,7 +24257,7 @@ CVE-2021-25953
 CVE-2021-25952
 	RESERVED
 CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to ca ...)
-	TODO: check
+	NOT-FOR-US: XML2Dict
 CVE-2021-25950
 	REJECTED
 CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows ...)
@@ -30195,9 +30193,9 @@ CVE-2021-23405
 CVE-2021-23404
 	RESERVED
 CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...)
-	TODO: check
+	NOT-FOR-US: Node ts-nodash
 CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable to Prot ...)
-	TODO: check
+	NOT-FOR-US: Node record-like-deep-assign
 CVE-2021-23401
 	RESERVED
 CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...)
@@ -61145,15 +61143,15 @@ CVE-2020-23196
 CVE-2020-23195
 	RESERVED
 CVE-2020-23194 (A stored cross site scripting (XSS) vulnerability in the "Import Subsc ...)
-	TODO: check
+	- phplist <itp> (bug #612288)
 CVE-2020-23193
 	RESERVED
 CVE-2020-23192 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
-	TODO: check
+	- phplist <itp> (bug #612288)
 CVE-2020-23191
 	RESERVED
 CVE-2020-23190 (A stored cross site scripting (XSS) vulnerability in the "Import email ...)
-	TODO: check
+	- phplist <itp> (bug #612288)
 CVE-2020-23189
 	RESERVED
 CVE-2020-23188
@@ -61163,21 +61161,21 @@ CVE-2020-23187
 CVE-2020-23186
 	RESERVED
 CVE-2020-23185 (A stored cross site scripting (XSS) vulnerability in /administration/s ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23184 (A stored cross site scripting (XSS) vulnerability in /administration/s ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23183
 	RESERVED
 CVE-2020-23182 (The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.ph ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23181 (A reflected cross site scripting (XSS) vulnerability in /administratio ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23180
 	RESERVED
 CVE-2020-23179 (A stored cross site scripting (XSS) vulnerability in administration/se ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23178 (An issue exists in PHP-Fusion 9.03.50 where session cookies are not de ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-23177
 	RESERVED
 CVE-2020-23176



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be7dd357c518b01f2dbafd97784715faba783f5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be7dd357c518b01f2dbafd97784715faba783f5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210703/be651950/attachment.htm>

More information about the debian-security-tracker-commits mailing list