[Git][security-tracker-team/security-tracker][master] new rust-diesel, node-xmldom issues
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 15 08:08:47 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a74cfe72 by Moritz Muehlenhoff at 2021-03-15T09:08:21+01:00
new rust-diesel, node-xmldom issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2021-28363
CVE-2021-28362
RESERVED
CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...)
- TODO: check
+ NOT-FOR-US: Storage Performance Development Kit
CVE-2021-28360
RESERVED
CVE-2021-28359
@@ -132,13 +132,14 @@ CVE-2021-28310
CVE-2021-28309
RESERVED
CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
- TODO: check
+ NOT-FOR-US: Rust craste fltk
CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
- TODO: check
+ NOT-FOR-US: Rust craste fltk
CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
- TODO: check
+ NOT-FOR-US: Rust craste fltk
CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...)
- TODO: check
+ - rust-diesel <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html
CVE-2021-28304
RESERVED
CVE-2021-28303
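Review bot: "craste" in the three added fltk lines (CVE-2021-28308, CVE-2021-28307, CVE-2021-28306) is a typo for "crate"; suggest `NOT-FOR-US: Rust crate fltk` on each so the wording matches the CVE descriptions and greps for the crate. On the rust-diesel entry, the description already names 1.4.6 as the first fixed upstream release, so the `<unfixed>` marker can be replaced with the packaged version once that release is uploaded.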
@@ -438,9 +439,9 @@ CVE-2021-28164
CVE-2021-28163
RESERVED
CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
- TODO: check
+ NOT-FOR-US: Eclipse Theia
CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
- TODO: check
+ NOT-FOR-US: Eclipse Theia
CVE-2021-28160
RESERVED
CVE-2021-28159
@@ -692,7 +693,7 @@ CVE-2021-28094
CVE-2021-28093
RESERVED
CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...)
- TODO: check
+ NOT-FOR-US: Node is-svg
CVE-2021-3424
RESERVED
NOT-FOR-US: Keycloak
@@ -11544,7 +11545,7 @@ CVE-2021-23356
CVE-2021-23355
RESERVED
CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...)
- TODO: check
+ NOT-FOR-US: Node printf
CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...)
NOT-FOR-US: Node jspdf
CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...)
@@ -17008,11 +17009,13 @@ CVE-2021-21370
CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
NOT-FOR-US: Hyperledger Besu
CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...)
- TODO: check
+ NOT-FOR-US: Node msgpack5
CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...)
NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS
CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
- TODO: check
+ - node-xmldom <unfixed>
+ NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
+ NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
CVE-2021-21365
RESERVED
CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...)
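Review bot: The two NOTE lines added under CVE-2021-21366 do not say which URL is the advisory and which is the fix, so a reader has to open both. Suggest labelling the second one as the upstream fix commit and recording the upstream release that contains it, since the truncated description here shows no fixed version and the entry stays `<unfixed>`.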
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a74cfe723a4e2f2e128210254ff214679a23c836