[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 17 13:19:37 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ba0e547 by Moritz Muehlenhoff at 2021-06-17T14:19:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in
CVE-2021-34802
RESERVED
CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
- TODO: check
+ NOT-FOR-US: Valine
CVE-2021-34800
RESERVED
CVE-2021-34799
@@ -4746,7 +4746,7 @@ CVE-2021-32693
CVE-2021-32692
RESERVED
CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
- TODO: check
+ NOT-FOR-US: Apollo Apps
CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
TODO: check
CVE-2021-32689
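Review bot: The tag added for CVE-2021-32691 reads "Apollo Apps", but the description line directly above it spells the product "Apollos Apps". Suggest "NOT-FOR-US: Apollos Apps" so the tag matches the description and a text search for the product name finds this entry.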
@@ -4758,11 +4758,11 @@ CVE-2021-32687
CVE-2021-32686
RESERVED
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
- TODO: check
+ NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
NOT-FOR-US: Create Magento app
CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...)
- TODO: check
+ NOT-FOR-US: wire-webapp
CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
NOT-FOR-US: elFinder
CVE-2021-32681
@@ -4812,7 +4812,7 @@ CVE-2021-32661 (Backstage is an open platform for building developer portals. In
CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
NOT-FOR-US: Backstage
CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
- TODO: check
+ NOT-FOR-US: Matrix-appservice-bridge
CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
NOT-FOR-US: Nextcloud client for Android
CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
@@ -4897,7 +4897,7 @@ CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure
CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
NOT-FOR-US: Keystone CMS
CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
NOT-FOR-US: Matrix-React-SDK
CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
@@ -5756,11 +5756,11 @@ CVE-2021-32247
CVE-2021-32246
RESERVED
CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...)
- TODO: check
+ NOT-FOR-US: PageKit CMS
CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...)
- moodle <removed>
CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). ...)
- TODO: check
+ NOT-FOR-US: FOGProject
CVE-2021-32242
RESERVED
CVE-2021-32241
@@ -25579,8 +25579,7 @@ CVE-2021-24039
RESERVED
CVE-2021-24038
RESERVED
-CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2021-24036
RESERVED
CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
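Review bot: The header line for CVE-2021-24037 is deleted here together with its "TODO: check" (the line starting "-CVE-2021-24037 (A use after free in hermes", and the hunk shrinks from 8 lines to 7), so the new "NOT-FOR-US: Facebook Hermes" line now sits under CVE-2021-24038, directly after its RESERVED line. That looks unintended. Keep the CVE-2021-24037 header as an unchanged line and replace only "TODO: check" with the NOT-FOR-US tag, so the Hermes triage stays attached to CVE-2021-24037 and CVE-2021-24038 remains a plain reserved entry.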
@@ -52149,13 +52148,13 @@ CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2020-25755 (An issue was discovered on Enphase Envoy R3.x and D4.x (and other curr ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25754 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25753 (An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25752 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
- TODO: check
+ NOT-FOR-US: Enphase Envoy
CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...)
NOT-FOR-US: paGO Commerce plugin for Joomla!
CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
@@ -63636,7 +63635,7 @@ CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/
NOTE: https://trac.ffmpeg.org/ticket/7996
NOTE: Negligible security impact
CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...)
- TODO: check
+ NOT-FOR-US: Jact OpenClinic
CVE-2020-20443
RESERVED
CVE-2020-20442
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ba0e547ce5891ea87ef48162c287f97eea61962