[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05f720df by Moritz Muehlenhoff at 2021-03-12T14:54:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12508,17 +12508,17 @@ CVE-2021-22716
 CVE-2021-22715
 	RESERVED
 CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2021-22708
 	RESERVED
 CVE-2021-22707
@@ -16741,7 +16741,7 @@ CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication
 CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
 	NOT-FOR-US: Products.PluggableAuthService
 CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...)
-	TODO: check
+	NOT-FOR-US: Nginx addon for SPNEGO auth
 CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...)
 	- containerd 1.4.4~ds1-1
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
@@ -16750,7 +16750,7 @@ CVE-2021-21333
 CVE-2021-21332
 	RESERVED
 CVE-2021-21331 (The Java client for the Datadog API before version 1.0.0-beta.9 has a  ...)
-	TODO: check
+	NOT-FOR-US: Java client for Datadog API
 CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	{DSA-4864-1}
 	- python-aiohttp 3.7.4-1
@@ -16760,7 +16760,7 @@ CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyn
 	NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25
 	NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b
 CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...)
-	TODO: check
+	NOT-FOR-US: RATCF
 CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...)
 	NOT-FOR-US: Vapor
 CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...)
@@ -18455,7 +18455,7 @@ CVE-2021-20676
 CVE-2021-20675
 	RESERVED
 CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
-	TODO: check
+	NOT-FOR-US: MagicConnect client
 CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
 	NOT-FOR-US: GROWI
 CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05f720df9cfc10e1d1fa78da69fc2076ee69fe9b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05f720df9cfc10e1d1fa78da69fc2076ee69fe9b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210312/eb7e14d7/attachment-0001.htm>