[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 7 11:42:23 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fc5b04b by Moritz Muehlenhoff at 2021-06-07T12:41:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-33899
 	RESERVED
 CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
-	TODO: check
+	NOT-FOR-US: Invoice Ninja
 CVE-2021-33897
 	RESERVED
 CVE-2021-33896
@@ -44,7 +44,7 @@ CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interru
 CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...)
 	TODO: check
 CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure  ...)
-	TODO: check
+	NOT-FOR-US: Tencent
 CVE-2021-33878
 	RESERVED
 CVE-2021-33877
@@ -2827,7 +2827,7 @@ CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and
 	NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
 	NOTE: Only affects example script
 CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock before  ...)
-	TODO: check
+	NOT-FOR-US: auth0-lock
 CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js.  ...)
 	- node-ws 7.4.2+~cs18.0.8-2
 	[buster] - node-ws <no-dsa> (Minor issue)
@@ -10460,7 +10460,7 @@ CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerab
 CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...)
 	NOT-FOR-US: Red discord bot addon
 CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...)
-	TODO: check
+	NOT-FOR-US: bubble fireworks
 CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
 	- golang-github-sylabs-sif <undetermined>
 	NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
@@ -16594,7 +16594,7 @@ CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition t
 	NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
 	NOTE: https://www.alexbirnberg.com/horde-xss.html
 CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide functionality for p ...)
-	TODO: check
+	NOT-FOR-US: Disputed BIRD issue
 CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer dereference i ...)
 	- jasper <removed>
 	NOTE: https://github.com/jasper-software/jasper/issues/265
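Review bot: On CVE-2021-26928 the NOT-FOR-US text records the dispute as the reason ("Disputed BIRD issue") instead of naming a product, which is how every other tag in this commit uses NOT-FOR-US. That mixes two separate facts, whether the software is tracked and whether the report is valid. If BIRD is packaged, keeping the CVE attached to its source package and recording the dispute in a NOTE line would preserve the package association. If it is not, "NOT-FOR-US: BIRD" plus a NOTE about the dispute would keep the tag consistent with the rest of the list.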
@@ -19006,7 +19006,7 @@ CVE-2021-25949
 CVE-2021-25948
 	RESERVED
 CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
-	TODO: check
+	NOT-FOR-US: Node nestie
 CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
 	NOT-FOR-US: Node nconf-toml
 CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...)
@@ -46325,9 +46325,9 @@ CVE-2020-27304
 CVE-2020-27303
 	RESERVED
 CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-27301 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2020-27300
 	RESERVED
 CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, which may ...)
@@ -47332,7 +47332,7 @@ CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a D
 CVE-2020-26886 (Softaculous before 5.5.7 is affected by a code execution vulnerability ...)
 	NOT-FOR-US: Softaculous
 CVE-2020-26885 (An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability ...)
-	TODO: check
+	NOT-FOR-US: 2sxc
 CVE-2020-26884 (RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulner ...)
 	NOT-FOR-US: RSA Archer
 CVE-2020-26883 (In Play Framework 2.6.0 through 2.8.2, stack consumption can occur bec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fc5b04be51d2a071f80054906bc0e94ed3bffc3
