[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 20 12:05:04 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b51b2a9 by Moritz Muehlenhoff at 2021-07-20T13:04:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,7 +8,7 @@ CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-a
 	NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
 	NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
 CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...)
-	TODO: check
+	NOT-FOR-US: Unicorn Engine
 CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...)
 	- qpdf <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
@@ -361,11 +361,11 @@ CVE-2021-36807
 CVE-2021-36806
 	RESERVED
 CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. ...)
-	TODO: check
+	NOT-FOR-US: Unicorn Engine
 CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...)
 	TODO: check
 CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds  ...)
-	TODO: check
+	NOT-FOR-US: open62541
 CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-base ...)
 	TODO: check
 CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
@@ -5239,9 +5239,9 @@ CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerab
 CVE-2021-34619
 	RESERVED
 CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some  ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...)
 	NOT-FOR-US: Aruba
 CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...)
@@ -7833,7 +7833,7 @@ CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.
 	NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
 	NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
 CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...)
-	TODO: check
+	NOT-FOR-US: Overwolf
 CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
 	- putty <not-affected> (Windows-specific)
 CVE-2021-33499
@@ -9487,7 +9487,7 @@ CVE-2021-32776
 CVE-2021-32775
 	RESERVED
 CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior  ...)
-	TODO: check
+	NOT-FOR-US: DataDump MediaWiki extension
 CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for  ...)
 	TODO: check
 CVE-2021-32772
@@ -11313,11 +11313,11 @@ CVE-2021-32016
 CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
 	NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
 CVE-2021-32014 (SheetJS Pro through 0.16.9 allows attackers to cause a denial of servi ...)
-	TODO: check
+	NOT-FOR-US: SheetJS
 CVE-2021-32013 (SheetJS Pro through 0.16.9 allows attackers to cause a denial of servi ...)
-	TODO: check
+	NOT-FOR-US: SheetJS
 CVE-2021-32012 (SheetJS Pro through 0.16.9 allows attackers to cause a denial of servi ...)
-	TODO: check
+	NOT-FOR-US: SheetJS
 CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
 	- ansible <unfixed>
 	[bullseye] - ansible <no-dsa> (Minor issue)
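Review bot: on CVE-2021-32014, CVE-2021-32013 and CVE-2021-32012 the label is `SheetJS`, but all three descriptions name "SheetJS Pro through 0.16.9". `NOT-FOR-US: SheetJS Pro` would record that the decision concerns the product the CVE text names, not every SheetJS distribution.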
@@ -12489,7 +12489,7 @@ CVE-2021-31592
 CVE-2021-31591
 	RESERVED
 CVE-2021-31590 (PwnDoc through 2021-04-22 has incorrect JSON Webtoken handling, leadin ...)
-	TODO: check
+	NOT-FOR-US: PwnDoc
 CVE-2021-31589
 	RESERVED
 CVE-2021-31588
@@ -13442,7 +13442,7 @@ CVE-2021-31218
 CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
 	NOT-FOR-US: SolarWinds
 CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
-	TODO: check
+	NOT-FOR-US: Siren Investigate
 CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
 	- slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
 	- slurm-llnl <removed>
@@ -26058,11 +26058,11 @@ CVE-2021-26085
 CVE-2021-26084
 	RESERVED
 CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data Center befor ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center before ve ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-26081 (REST API in Atlassian Jira Server and Jira Data Center before version  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2021-26080 (EditworkflowScheme.jspa in Jira Server and Jira Data Center before ver ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-26079 (The CardLayoutConfigTable component in Jira Server and Jira Data Cente ...)
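Review bot: CVE-2021-26083, CVE-2021-26082 and CVE-2021-26081 are labelled with the vendor (`Atlassian`), whereas other entries in this commit use the product name (`Siren Investigate`, `PwnDoc`, `sz.chat`). The label matches the existing CVE-2021-26080 entry directly below, so keeping it is reasonable. `Atlassian Jira` would be the more specific choice if these entries are revisited.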
@@ -26555,7 +26555,7 @@ CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for R
 CVE-2021-3280
 	RESERVED
 CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in the mess ...)
-	TODO: check
+	NOT-FOR-US: sz.chat
 CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability  ...)
 	NOT-FOR-US: Local Service Search Engine Management System
 CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b51b2a95764797fc682bd769c236148dac9383a
