[Git][security-tracker-team/security-tracker][master] new ckeditor issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 5 14:52:19 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e30f246 by Moritz Muehlenhoff at 2021-07-05T15:51:39+02:00
new ckeditor issue
json-smart non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10322,8 +10322,7 @@ CVE-2021-31686
 CVE-2021-31685
 	RESERVED
 CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...)
-	- json-smart <unfixed>
-	[stretch] - json-smart <no-dsa> (Minor issue)
+	- json-smart <unfixed> (unimportant)
 	NOTE: https://github.com/netplex/json-smart-v2/issues/67
 	NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
 	NOTE: Security impact disputed by upstream
@@ -35930,7 +35929,10 @@ CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi
 	- matrix-synapse 1.28.0-1
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
 CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the f ...)
-	TODO: check
+	- ckeditor <unfixed>
+	[bullseye] - ckeditor <no-dsa> (Minor issue)
+	[buster] - ckeditor <no-dsa> (Minor issue)
+	NOTE: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
 CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...)
 	NOT-FOR-US: MinIO
 CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e30f246e1e9303f55ffb035e97b3e0dc3485ec9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e30f246e1e9303f55ffb035e97b3e0dc3485ec9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210705/547b44eb/attachment.htm>

More information about the debian-security-tracker-commits mailing list