[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 29 13:23:00 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f14e3b3 by Moritz Muehlenhoff at 2021-06-29T14:22:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2688,7 +2688,6 @@ CVE-2021-3597
 	RESERVED
 	- undertow <unfixed> (bug #989861)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930
-	TODO: check, lack of details
 CVE-2021-34674
 	RESERVED
 CVE-2021-34673
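Review bot: The TODO removed from CVE-2021-3597 said "check, lack of details", yet the entry is left with only the Red Hat Bugzilla link and undertow at <unfixed>, so nothing records what the check found. The commit message "NFUs" does not cover this change either; mention the TODO cleanup there or add a NOTE with the outcome.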
@@ -3561,7 +3560,6 @@ CVE-2021-3583 [Template Injection through yaml multi-line strings with ansible f
 	- ansible <undetermined>
 	- ansible-base <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
-	TODO: scarce information, check later
 CVE-2021-34290
 	RESERVED
 CVE-2021-34289
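Review bot: On CVE-2021-3583 the TODO is dropped while both ansible and ansible-base stay at <undetermined> and the Bugzilla link is still the only reference. If information is still scarce, keep the TODO or replace it with a NOTE stating what is missing, so the next person triaging knows why the status could not be resolved.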
@@ -3777,9 +3775,8 @@ CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by
 CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
 	NOT-FOR-US: Miniaudio
 CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in s ...)
-	- imagemagick <undetermined>
+	- imagemagick <unfixed> (unimportant)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/3767
-	TODO: check if IM6 affected, likely anyway unimportant
 CVE-2021-34182
 	RESERVED
 CVE-2021-34181
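Review bot: The new "- imagemagick <unfixed> (unimportant)" line on CVE-2021-34183 carries no rationale, and the removed TODO's question about whether IM6 is affected goes unanswered. A short NOTE stating why this is unimportant (the description calls it a memory leak) and what was found for IM6 would make the classification reviewable later.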
@@ -4360,7 +4357,6 @@ CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
 	- qemu <unfixed>
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
-	TODO: check
 CVE-2021-33907
 	RESERVED
 CVE-2021-33906
@@ -7107,9 +7103,9 @@ CVE-2021-32725
 CVE-2021-32724
 	RESERVED
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
-	TODO: check
+	NOT-FOR-US: Prism
 CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. All existing versions of Glob ...)
-	TODO: check
+	NOT-FOR-US: GlobalNewFiles MediaWiki extension
 CVE-2021-32721
 	RESERVED
 CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
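Review bot: NOT-FOR-US on CVE-2021-32723 deserves a second look, since the description calls Prism a syntax highlighting library and such libraries are often embedded in other packages' sources. If a source search for embedded copies was done, a NOTE saying so would back up the classification; the GlobalNewFiles line is fine as written.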
@@ -9878,7 +9874,7 @@ CVE-2021-31617
 CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
 	NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
 CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
-	TODO: check
+	NOTE: Bluetooth protocol issue
 CVE-2021-31614
 	RESERVED
 CVE-2021-31613
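Review bot: Replacing the TODO on CVE-2021-31615 with "NOTE: Bluetooth protocol issue" leaves the entry without a package line or a NOT-FOR-US tag, so its disposition is unstated. Say in the NOTE whether any packaged Bluetooth implementation is expected to get an entry or whether this is intentionally left untracked; it is also not an NFU, so the commit message does not describe it.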
@@ -17323,11 +17319,11 @@ CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out
 CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...)
 	NOT-FOR-US: Adobe
 CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2021-28582
 	RESERVED
 CVE-2021-28581
@@ -17367,7 +17363,7 @@ CVE-2021-28565
 CVE-2021-28564
 	RESERVED
 CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-28561
@@ -17381,7 +17377,7 @@ CVE-2021-28558
 CVE-2021-28557
 	RESERVED
 CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2021-28555
 	RESERVED
 CVE-2021-28554
@@ -29633,9 +29629,9 @@ CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to
 CVE-2021-23397
 	RESERVED
 CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...)
-	TODO: check
+	NOT-FOR-US: Node lutils
 CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...)
-	TODO: check
+	NOT-FOR-US: Node nedb
 CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote  ...)
 	NOT-FOR-US: studio-42/elfinder
 CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the  ...)
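Review bot: Style point on the two new lines: "Node lutils" and "Node nedb" prefix the name with "Node", whereas the neighbouring entry uses the plain upstream name ("NOT-FOR-US: studio-42/elfinder"). Picking one form keeps searches over NOT-FOR-US lines predictable.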
@@ -33148,7 +33144,7 @@ CVE-2021-21811
 CVE-2021-21810
 	RESERVED
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...)
-	TODO: check
+	NOT-FOR-US: Moodle plugin
 CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21807
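Review bot: "NOT-FOR-US: Moodle plugin" on CVE-2021-21809 does not name the component, while the adjacent entry names the product ("Accusoft ImageGear"). The description refers to a "default legacy" component, so naming it in the tag would make the entry findable and make clear the issue is in a plugin and not in Moodle itself.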
@@ -35222,7 +35218,7 @@ CVE-2021-21424 (Symfony is a PHP framework for web and console applications and
 CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...)
 	NOT-FOR-US: projen
 CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written with Nod ...)
-	TODO: check
+	NOT-FOR-US: mongo-express
 CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
 	NOT-FOR-US: node-etsy-client
 CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f14e3b3faeee685990131035c1ae7b85f292146
