[Git][security-tracker-team/security-tracker][master] new manuskript issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jun 26 13:18:37 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
946b1450 by Moritz Muehlenhoff at 2021-06-26T14:18:09+02:00
new manuskript issue
imagemagick n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-35504
CVE-2021-35503
RESERVED
CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2021-3622
RESERVED
CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the nam ...)
@@ -630,7 +630,7 @@ CVE-2021-35208
CVE-2021-35207
RESERVED
CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
- TODO: check
+ NOT-FOR-US: Gitpod
CVE-2021-35205
RESERVED
CVE-2021-35204
@@ -655,7 +655,10 @@ CVE-2021-35197
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
NOTE: https://phabricator.wikimedia.org/T280226
CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...)
- TODO: check
+ - manuskript <unfixed>
+ [bullseye] - manuskript <no-dsa> (Minor issue)
+ [buster] - manuskript <no-dsa> (Minor issue)
+ NOTE: https://github.com/olivierkes/manuskript/issues/891
CVE-2021-35195
RESERVED
CVE-2021-35194
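Review bot: the new CVE-2021-35196 entry records the fix status but not the dispute: the description is flagged ** DISPUTED ** and both `<no-dsa> (Minor issue)` lines encode a severity judgment, yet the only NOTE is the upstream issue link. A second NOTE summarizing why the report is disputed (or why it is treated as minor) would make the no-dsa decision reviewable later without re-reading the upstream thread.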
@@ -970,9 +973,8 @@ CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0)
CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
RESERVED
- - imagemagick <undetermined>
+ - imagemagick <not-affected> (Specific to Imagemagick 7)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
- TODO: check
CVE-2021-35053
RESERVED
CVE-2021-35052
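Review bot: the `<not-affected> (Specific to Imagemagick 7)` marking for CVE-2021-3610 drops the `TODO: check` but leaves only the upstream fix commit as evidence. A NOTE recording how the non-7 series shipped in Debian was confirmed to lack the vulnerable ReadTIFFImage() path (for example which branch comparison was done) would let later reviewers verify the not-affected status without redoing the analysis.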
@@ -998,7 +1000,7 @@ CVE-2021-35043
CVE-2021-35042
RESERVED
CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...)
- TODO: check
+ NOT-FOR-US: FISCO-BCOS
CVE-2021-3609
RESERVED
- linux 5.10.46-1
@@ -1436,13 +1438,11 @@ CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
- qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
- TODO: check details, upstream report
CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()]
RESERVED
- qemu <unfixed>
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
- TODO: check details, upstream report
CVE-2021-3606
RESERVED
CVE-2021-34826
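Review bot: the `TODO: check details, upstream report` lines for CVE-2021-3608 and CVE-2021-3607 are removed, but no upstream reference is added in their place; both entries still cite only the Red Hat Bugzilla tickets. If the upstream QEMU report or patch was located, add it as a NOTE; if not, the TODO should stay so the missing upstream reference is not forgotten.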
@@ -2367,7 +2367,7 @@ CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
NOTE: https://github.com/eclipse/jetty.project/issues/6277
CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
- TODO: check
+ NOT-FOR-US: Eclipse BIRT
CVE-2021-34426
RESERVED
CVE-2021-34425
@@ -2890,9 +2890,9 @@ CVE-2021-34187
CVE-2021-34186
RESERVED
CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
- TODO: check
+ NOT-FOR-US: Miniaudio
CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
- TODO: check
+ NOT-FOR-US: Miniaudio
CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in s ...)
TODO: check
CVE-2021-34182
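Review bot: CVE-2021-34183 (ImageMagick 7.0.11-14 memory leak) is left at `TODO: check` in the same hunk where the Miniaudio entries are triaged, while this commit marks another ImageMagick 7 issue as not-affected with the rationale "Specific to Imagemagick 7". If that reasoning applies here too, the entry could be resolved in the same pass; if the leak also affects the series Debian ships, a NOTE saying so would save the next triager from repeating the check.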
@@ -4215,7 +4215,7 @@ CVE-2021-33606
CVE-2021-33605
RESERVED
CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
- TODO: check
+ NOT-FOR-US: com.vaadin:flow-server
CVE-2021-33603
RESERVED
CVE-2021-33602
@@ -4376,11 +4376,11 @@ CVE-2021-33544
CVE-2021-33543
RESERVED
CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
NOT-FOR-US: Weidmueller Industrial WLAN devices
CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
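Review bot: the three new `NOT-FOR-US: Phoenix` lines use a vaguer vendor label than the surrounding entries (compare `NOT-FOR-US: Weidmueller Industrial WLAN devices` in the same hunk, and the three descriptions, which all name "Phoenix Contact"). `NOT-FOR-US: Phoenix Contact` would be unambiguous and consistent with the existing style.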
@@ -4809,7 +4809,7 @@ CVE-2021-33350
CVE-2021-33349
RESERVED
CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...)
- TODO: check
+ NOT-FOR-US: JFinal
CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
NOT-FOR-US: JPress
CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...)
@@ -6251,7 +6251,7 @@ CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session
CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
NOT-FOR-US: Shopware
CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
- TODO: check
+ NOT-FOR-US: Flysystem
CVE-2021-32707
RESERVED
CVE-2021-32706
@@ -6263,7 +6263,7 @@ CVE-2021-32704 (DHIS 2 is an information system for data capture, management, va
CVE-2021-32703
RESERVED
CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
- TODO: check
+ NOT-FOR-US: Auth0 Next.js SDK
CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...)
NOT-FOR-US: ORY Oathkeeper
CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/946b14508edc4831ba34af2ee6023b2396a4596d