[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Mar 24 16:38:08 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54164ce3 by Moritz Muehlenhoff at 2021-03-24T17:37:45+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18717,13 +18717,13 @@ CVE-2021-21392
CVE-2021-21391
RESERVED
CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...)
- TODO: check
+ NOT-FOR-US: MinIO
CVE-2021-21389
RESERVED
CVE-2021-21388
RESERVED
CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
- TODO: check
+ NOT-FOR-US: Wrongthink
CVE-2021-21386
RESERVED
CVE-2021-21385
@@ -18735,15 +18735,15 @@ CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before
CVE-2021-21382
RESERVED
CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...)
- TODO: check
+ NOT-FOR-US: OMERO.web
CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
- TODO: check
+ NOT-FOR-US: OMERO.web
CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
@@ -18758,7 +18758,7 @@ CVE-2021-21372
CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...)
NOT-FOR-US: Tenable for Jira Cloud
CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
NOT-FOR-US: Hyperledger Besu
CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...)
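Review bot: The new "NOT-FOR-US: TYPO3" line for CVE-2021-21370 should be checked against the archive history before merging, because NOT-FOR-US records that the software is not packaged in Debian at all. If a TYPO3 source package ever existed in the archive, the removed-package form that the pjproject entry for CVE-2021-21375 uses earlier in this diff fits better and keeps the CVE attached to a package name. The same question applies to the other TYPO3 entries changed in this commit.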
@@ -18782,15 +18782,15 @@ CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains
CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...)
NOT-FOR-US: Products.GenericSetup
CVE-2021-21359 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21358 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21357 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21356
RESERVED
CVE-2021-21355 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...)
NOT-FOR-US: Pollbot
CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In ...)
@@ -18831,11 +18831,11 @@ CVE-2021-21341 (XStream is a Java library to serialize objects to XML and back a
- libxstream-java <unfixed>
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh
CVE-2021-21340 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21339 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21338 (TYPO3 is an open source PHP based web content management system. In TY ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
NOT-FOR-US: Products.PluggableAuthService
CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
@@ -19031,7 +19031,7 @@ CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community s
CVE-2021-21268
RESERVED
CVE-2021-21267 (Schema-Inspector is an open-source tool to sanitize and validate JS ob ...)
- TODO: check
+ NOT-FOR-US: Node schema-inspector
CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...)
NOT-FOR-US: openHAB
CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the ...)
@@ -21255,7 +21255,7 @@ CVE-2021-20328 (Specific versions of the Java driver that support client-side fi
NOTE: https://jira.mongodb.org/browse/JAVA-4017
NOTE: Fixed by: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
- TODO: check
+ NOT-FOR-US: Node mongodb-client-encryption
CVE-2021-20326
RESERVED
CVE-2021-20325
@@ -28975,7 +28975,7 @@ CVE-2020-28505
CVE-2020-28504
RESERVED
CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to Prototype Pollut ...)
- TODO: check
+ NOT-FOR-US: Node copy-props
CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of ...)
- node-xmlhttprequest 1.8.0-1
[stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not covered by security support)
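Review bot: The "NOT-FOR-US: Node copy-props" line for CVE-2020-28503 sits directly above an npm module that is tracked as a Debian package ("- node-xmlhttprequest 1.8.0-1"), so being an npm module does not by itself make an entry NFU. Please confirm that there is no source package for copy-props and no bundled copy inside another node-* package before closing it this way.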
@@ -28984,7 +28984,7 @@ CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versio
NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
CVE-2020-28501 (This affects the package es6-crawler-detect before 3.1.3. No limitatio ...)
- TODO: check
+ NOT-FOR-US: Node es6-crawler-detect
CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ...)
- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
@@ -64684,7 +64684,7 @@ CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly q
CVE-2020-13698
RESERVED
CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2 ...)
- TODO: check
+ NOT-FOR-US: NanoHTTPD Java
CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
{DLA-2246-1}
- xawtv 3.107-1 (bug #962221)
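Review bot: The label "NanoHTTPD Java" on CVE-2020-13697 carries a qualifier without saying what it distinguishes the software from. If "Java" is there to avoid confusion with a similarly named package, state that in parentheses as the envoy entry for CVE-2021-21378 does ("not the same as itp'ed envoy, #758651"); otherwise plain "NOT-FOR-US: NanoHTTPD" matches the description.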
@@ -67717,7 +67717,7 @@ CVE-2020-12485 (The frame touch module does not make validity judgments on param
CVE-2020-12484
RESERVED
CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2020-12482
RESERVED
CVE-2020-12481
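Review bot: The "NOT-FOR-US: Vivo" line for CVE-2020-12483 names only a vendor, and that name does not appear in the visible part of the description ("The appstore before 8.12.0.0 exposes some of its components ..."). A label that also names the product, for example "NOT-FOR-US: Vivo appstore", would make the entry findable by either term; the "McAfee" label on CVE-2020-7346 in the last hunk has the same vendor-only form.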
@@ -82362,7 +82362,7 @@ CVE-2020-7348
CVE-2020-7347
RESERVED
CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7345
RESERVED
CVE-2020-7344
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54164ce396affcac6ca082c4c808fedf90eba70b