[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Mar 24 10:17:38 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4592458 by Moritz Muehlenhoff at 2021-03-24T11:17:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-3462
 CVE-2021-29134
 	RESERVED
 CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...)
-	TODO: check
+	NOT-FOR-US: haserl (Alpine), different from src:haserl
 CVE-2021-29132
 	RESERVED
 CVE-2021-29131
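Review bot: The new note on CVE-2021-29133 asserts that this haserl is "different from src:haserl" without giving a reference, while the CVE description itself only says "haserl, a component of Alpine Linux Configurat ...". Because the note names a source package with the same name, a NOTE line pointing at the evidence for the distinction would let a later reader confirm the NOT-FOR-US without redoing the triage.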
@@ -348,7 +348,7 @@ CVE-2021-28969
 CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...)
 	NOT-FOR-US: PunBB
 CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...)
-	TODO: check
+	NOT-FOR-US: MATLAB extenstion for vscode
 CVE-2021-28966
 	RESERVED
 CVE-2021-28965
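Review bot: Typo in the added line for CVE-2021-28967: "extenstion" should read "extension". Worth correcting before the string is reused for a related entry, as the TIBCO and OTRS notes elsewhere in this diff are.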
@@ -671,21 +671,21 @@ CVE-2021-28826
 CVE-2021-28825
 	RESERVED
 CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise Message Se ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL  ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-28816
 	RESERVED
 CVE-2021-28815
@@ -2289,9 +2289,9 @@ CVE-2021-28102
 CVE-2021-28101
 	RESERVED
 CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on that fi ...)
-	TODO: check
+	NOT-FOR-US: Priam
 CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...)
-	TODO: check
+	NOT-FOR-US: Hollow
 CVE-2020-36276
 	RESERVED
 CVE-2020-36275
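Review bot: "Hollow" on its own in the CVE-2021-28099 line is an ambiguous product name. The description calls it "Netflix OSS Hollow", so "NOT-FOR-US: Netflix Hollow" would be easier to search for and harder to confuse with an unrelated project.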
@@ -2802,7 +2802,7 @@ CVE-2021-27910
 CVE-2021-27909
 	RESERVED
 CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
 	NOT-FOR-US: Apache Superset
 CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exception whil ...)
@@ -13480,7 +13480,7 @@ CVE-2021-23276
 CVE-2021-23275
 	RESERVED
 CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
@@ -14292,7 +14292,7 @@ CVE-2021-22866
 CVE-2021-22865
 	RESERVED
 CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub  ...)
 	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...)
@@ -15546,7 +15546,7 @@ CVE-2021-22316
 CVE-2021-22315
 	RESERVED
 CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22313
 	RESERVED
 CVE-2021-22312
@@ -18087,9 +18087,9 @@ CVE-2021-21440
 CVE-2021-21439
 	RESERVED
 CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...)
-	TODO: check
+	NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
 CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which  ...)
-	TODO: check
+	NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
 CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
 	NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
 CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
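Review bot: The CVE-2021-21438 note folds two reasons into one line, "OTRS FAQ addon (and OTRS 7 which is proprietary)", and the parenthetical leaves open whether any OTRS release other than 7 is in scope. If the affected range is limited to the addon and OTRS 7, stating that explicitly would make the NOT-FOR-US self-explanatory. The CVE-2021-21437 line reuses the existing string from CVE-2021-21436 verbatim, which is the right call.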
@@ -18691,7 +18691,7 @@ CVE-2021-21404
 CVE-2021-21403
 	RESERVED
 CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
-	TODO: check
+	NOT-FOR-US: Jellyfin
 CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
 	TODO: check
 CVE-2021-21400



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4592458f3353c39f9d74d59b35ef77d3b582d1f
