[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Mar 22 08:35:01 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34c72bc7 by Moritz Muehlenhoff at 2021-03-22T09:34:42+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,9 +9,9 @@ CVE-2021-28959
 CVE-2021-28958
 	RESERVED
 CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
-	TODO: check
+	NOT-FOR-US: vscode-sass-lint
 CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will  ...)
-	TODO: check
+	NOT-FOR-US: git-bug
 CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...)
 	NOT-FOR-US: Chris Walz bit
 CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
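Review bot: On the CVE-2021-28955 line, git-bug is a standalone command-line tool, so before closing the TODO as NOT-FOR-US it is worth confirming that no source package and no ITP/RFP bug exists under that name. Where a packaging request is open, the entry would be `- git-bug <itp> (bug #...)` instead, so the issue is picked up again if the package is ever uploaded.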
@@ -363,7 +363,7 @@ CVE-2021-28798
 CVE-2021-28797
 	RESERVED
 CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
-	TODO: check
+	NOT-FOR-US: Increments Qiita::Markdown
 CVE-2021-28795
 	RESERVED
 CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...)
@@ -591,7 +591,7 @@ CVE-2021-28683
 CVE-2021-28682
 	RESERVED
 CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
-	TODO: check
+	NOT-FOR-US: Pion WebRTC
 CVE-2021-28680
 	RESERVED
 CVE-2021-28679
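Review bot: NOT-FOR-US on CVE-2021-28681 only establishes that there is no Pion WebRTC source package. Pion WebRTC is a Go library, and Go dependencies are compiled into the binaries that use them, so a quick search of the archive for vendored copies would confirm that no packaged application carries a version before 3.0.15.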
@@ -4580,7 +4580,7 @@ CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c al
 CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when  ...)
 	NOT-FOR-US: ReplaySorcery
 CVE-2021-26935 (In WoWonder < 3.1, remote attackers can gain access to the database ...)
-	TODO: check
+	NOT-FOR-US: WoWonder
 CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...)
 	- linux <unfixed> (unimportant)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -6173,7 +6173,7 @@ CVE-2021-3329
 CVE-2021-3328
 	RESERVED
 CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...)
-	TODO: check
+	NOT-FOR-US: Ovation Dynamic Content
 CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...)
 	NOT-FOR-US: AfterLogic Aurora
 CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...)
@@ -6213,7 +6213,7 @@ CVE-2021-26277
 CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
 	NOT-FOR-US: GoDaddy node-config-shield
 CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...)
-	TODO: check
+	NOT-FOR-US: eslint-fixer
 CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-36239
@@ -7064,7 +7064,7 @@ CVE-2021-25918
 CVE-2021-25917
 	RESERVED
 CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...)
-	TODO: check
+	NOT-FOR-US: Node patchmerge
 CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...)
 	NOT-FOR-US: changeset
 CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0  ...)
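Review bot: The new tag on CVE-2021-25916 reads `NOT-FOR-US: Node patchmerge`, while the directly following CVE-2021-25915 entry for the same class of package is tagged plain `NOT-FOR-US: changeset`. This commit also uses the `Node` prefix for killport and port-killer but not for eslint-fixer or shescape; settling on one form keeps later greps for npm-related NFU entries reliable.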
@@ -12880,9 +12880,9 @@ CVE-2021-23362
 CVE-2021-23361
 	RESERVED
 CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...)
-	TODO: check
+	NOT-FOR-US: Node killport
 CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
-	TODO: check
+	NOT-FOR-US: Node port-killer
 CVE-2021-23358
 	RESERVED
 CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
@@ -18323,7 +18323,7 @@ CVE-2021-21386
 CVE-2021-21385
 	RESERVED
 CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape  ...)
-	TODO: check
+	NOT-FOR-US: shescape
 CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...)
 	NOT-FOR-US: Wiki.js
 CVE-2021-21382
@@ -26589,7 +26589,7 @@ CVE-2020-28875
 CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...)
 	NOT-FOR-US: ProjectSend
 CVE-2020-28873 (Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability b ...)
-	TODO: check
+	NOT-FOR-US: Fluxbb
 CVE-2020-28872
 	RESERVED
 CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
@@ -63426,7 +63426,7 @@ CVE-2020-13967
 CVE-2020-13966
 	RESERVED
 CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
 	- qtbase-opensource-src 5.14.2+dfsg-6
 	[buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34c72bc71cb92040cbb7e94cbb4800a70ad4f740
