[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 19 10:00:04 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
509d196b by Moritz Muehlenhoff at 2021-07-19T10:58:30+02:00
NFUs
drop one TODO for mongo-driver, if relevant it would get handled via k8s
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2021-36774
RESERVED
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
- TODO: check
+ NOT-FOR-US: uBlock Origin
CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-36770
RESERVED
CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
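Review bot: On CVE-2021-36773 the new tag names only uBlock Origin, but the description on the line above it also covers nMatrix before 4.4.9. If neither is packaged, name both in the tag (for example "NOT-FOR-US: uBlock Origin / nMatrix") so a later search for either product finds the triage decision; if either one is packaged, this needs a package entry instead of NOT-FOR-US.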
@@ -58,7 +58,7 @@ CVE-2021-36749
CVE-2021-3650
RESERVED
CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2021-36748
RESERVED
CVE-2021-36747
@@ -6312,7 +6312,7 @@ CVE-2021-33913
CVE-2021-33912
RESERVED
CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2021-33910
RESERVED
CVE-2021-33909
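Review bot: The tag on CVE-2021-33911 gives only the vendor, while the description names the product, Zoho ManageEngine ADManager Plus. The other tags visible in this diff name the product (Naver Comic Viewer, Okta Access Gateway, Froala WYSIWYG Editor), so naming it here as well would keep the list greppable by product. The same applies to CVE-2021-36772 and CVE-2021-36771 in the first hunk.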
@@ -7132,7 +7132,7 @@ CVE-2021-33594
CVE-2021-33593
RESERVED
CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
- TODO: check
+ NOT-FOR-US: NAVER Toolbar
CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
NOT-FOR-US: Naver Comic Viewer
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
@@ -20609,7 +20609,7 @@ CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations
CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
NOT-FOR-US: MyBB addon
CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...)
- TODO: check
+ NOT-FOR-US: Froala WYSIWYG Editor
CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...)
NOT-FOR-US: Okta Access Gateway
CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
@@ -40256,10 +40256,10 @@ CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publi
CVE-2021-20330
RESERVED
CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
+ NOT-FOR-US: mongo-driver
NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
NOTE: https://github.com/mongodb/mongo-go-driver/pull/622
NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1)
- TODO: check, mongo-driver driver embedded in src:kubernetes
CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
- mongo-java-driver <not-affected> (Vulnerable code introduce later)
NOTE: https://jira.mongodb.org/browse/JAVA-4017
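Review bot: For CVE-2021-20329 the removed TODO recorded that mongo-driver is embedded in src:kubernetes, and the new NOT-FOR-US line drops that fact from the entry. The commit message says it would be handled via k8s if relevant, but nothing left in data/CVE/list points there. Consider keeping the information as a NOTE line next to the upstream fix reference (v1.5.1), so whoever next checks the kubernetes embedded copy can find this CVE.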
@@ -395031,7 +395031,7 @@ CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.cl
NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/ ...)
- TODO: check
+ NOT-FOR-US: Historic Go issue
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...)
{DSA-2520-1}
- libreoffice 1:3.5.4-7
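Review bot: On CVE-2012-2666 the tag text "Historic Go issue" gives an age rather than a product that is out of scope, unlike the other NOT-FOR-US tags in this commit. The description says the problem is fixed in golang/go 1.0.2, so if Go is tracked here, a package line with <not-affected> and a short reason (the form used for mongo-java-driver above) would state the actual status; otherwise say in the tag why it is out of scope.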
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/509d196b75aff9a068ee4dd091cfdfd8e762641f