[Git][security-tracker-team/security-tracker][master] new graphviz issue

Moritz Muehlenhoff jmm at debian.org
Mon May 3 13:15:17 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd1ca29e by Moritz Muehlenhoff at 2021-05-03T14:15:01+02:00
new graphviz issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2021-31998
 CVE-2021-31997
 	RESERVED
 CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
-	TODO: check
+	NOT-FOR-US: Rust crate algorithmica
 CVE-2021-3529
 	RESERVED
 CVE-2021-31995
@@ -5657,7 +5657,7 @@ CVE-2021-29488
 CVE-2021-29487
 	RESERVED
 CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
-	TODO: check
+	NOT-FOR-US: Node cumulative-distribution-function
 CVE-2021-29485
 	RESERVED
 CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
@@ -11942,7 +11942,7 @@ CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote
 CVE-2021-26808
 	RESERVED
 CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, l ...)
-	TODO: check
+	NOT-FOR-US: GOG Galaxy client
 CVE-2021-26806
 	RESERVED
 CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...)
@@ -49138,7 +49138,7 @@ CVE-2020-23909
 CVE-2020-23908
 	RESERVED
 CVE-2020-23907 (An issue was discovered in retdec v3.3. In function canSplitFunctionOn ...)
-	TODO: check
+	NOT-FOR-US: retdec
 CVE-2020-23906
 	RESERVED
 CVE-2020-23905
@@ -51336,9 +51336,9 @@ CVE-2020-22810
 CVE-2020-22809
 	RESERVED
 CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulne ...)
-	TODO: check
+	NOT-FOR-US: yii2_fecshop
 CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection in the c ...)
-	TODO: check
+	NOT-FOR-US: VTiger CRM
 CVE-2020-22806
 	RESERVED
 CVE-2020-22805
@@ -54053,7 +54053,7 @@ CVE-2020-21454
 CVE-2020-21453
 	RESERVED
 CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...)
-	TODO: check
+	NOT-FOR-US: uniview ISC2500-S
 CVE-2020-21451
 	RESERVED
 CVE-2020-21450
@@ -54755,7 +54755,7 @@ CVE-2020-21103
 CVE-2020-21102
 	RESERVED
 CVE-2020-21101 (Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versio ...)
-	TODO: check
+	NOT-FOR-US: Screenly
 CVE-2020-21100
 	RESERVED
 CVE-2020-21099
@@ -60910,13 +60910,14 @@ CVE-2020-18037
 CVE-2020-18036
 	RESERVED
 CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Jeesns
 CVE-2020-18034
 	RESERVED
 CVE-2020-18033
 	RESERVED
 CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...)
-	TODO: check
+	- graphviz <unfixed>
+	NOTE: https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
 CVE-2020-18031
 	RESERVED
 CVE-2020-18030
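Review bot: The NOTE added under CVE-2020-18032 is a bare commit URL that does not say what the commit is. The visible description is cut off at "from commit ID f ...", so a reader cannot tell whether 784411ca3655c80da0f6025ab20634b2a6ff696b is the upstream fix or the commit that introduced the overflow. Label it, for example "NOTE: Fixed by: <url>" or "NOTE: Introduced by: <url>". With that label, the "- graphviz <unfixed>" line can later be resolved to a fixed version, and any suite that predates the introducing commit can be marked as not affected.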



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd1ca29e7b3522b19bf681980e19956cf6fe3da6
