[Git][security-tracker-team/security-tracker][master] new salt issue

Moritz Muehlenhoff jmm at debian.org
Thu Mar 11 15:32:11 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77ddf036 by Moritz Muehlenhoff at 2021-03-11T16:31:36+01:00
new salt issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2021-28136
 CVE-2021-28135
 	RESERVED
 CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...)
-	TODO: check
+	NOT-FOR-US: Clipper
 CVE-2021-28133
 	RESERVED
 CVE-2021-3427
@@ -51,7 +51,7 @@ CVE-2021-28124
 CVE-2021-28123
 	RESERVED
 CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
-	TODO: check
+	NOT-FOR-US: Open5GS
 CVE-2021-28121
 	RESERVED
 CVE-2021-28120
@@ -6741,7 +6741,8 @@ CVE-2021-25317
 CVE-2021-25316
 	RESERVED
 CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
-	TODO: check
+	- salt <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
 CVE-2021-25314
 	RESERVED
 CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
@@ -9494,7 +9495,7 @@ CVE-2021-24027
 CVE-2021-24026
 	RESERVED
 CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
-	TODO: check
+	- hhvm <removed>
 CVE-2021-24024
 	RESERVED
 CVE-2021-24023
@@ -11023,11 +11024,11 @@ CVE-2021-23348
 CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0  ...)
 	NOT-FOR-US: argo-cd
 CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
-	TODO: check
+	NOT-FOR-US: html-parse-stringify
 CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
-	TODO: check
+	NOT-FOR-US: gotenberg
 CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
-	TODO: check
+	NOT-FOR-US: total.js
 CVE-2021-23343
 	RESERVED
 CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
@@ -13962,7 +13963,7 @@ CVE-2021-21981
 CVE-2021-21980
 	RESERVED
 CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
-	TODO: check
+	NOT-FOR-US: Bitnami Containers
 CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...)
 	NOT-FOR-US: VMware View Planner
 CVE-2021-21977
@@ -14393,7 +14394,6 @@ CVE-2021-21773
 CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
 	- lib3mf <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226
-	TODO: check
 CVE-2021-21771
 	RESERVED
 CVE-2021-21770



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ddf0364720dbf0cd730654b3af62974113873a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77ddf0364720dbf0cd730654b3af62974113873a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210311/395fd362/attachment.htm>

More information about the debian-security-tracker-commits mailing list