[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 11 09:25:01 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79fd9868 by Salvatore Bonaccorso at 2021-05-10T21:59:17+02:00
Process some NFUs

- - - - -
ad36c4d5 by Salvatore Bonaccorso at 2021-05-11T08:59:12+02:00
Track fixed version for CVE-2021-20308/htmldoc via unstable

- - - - -
67f2be05 by Salvatore Bonaccorso at 2021-05-11T09:00:08+02:00
Track fixed version for CVE-2021-32056/cyrus-imapd via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -884,7 +884,7 @@ CVE-2021-32057
 	RESERVED
 CVE-2021-32056 [annotate: don't allow everyone to write shared server entries ]
 	RESERVED
-	- cyrus-imapd <unfixed>
+	- cyrus-imapd 3.2.6-2
 	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
 	NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
 CVE-2021-32054
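Review bot: The fixed version on the "- cyrus-imapd 3.2.6-2" line is lower than the upstream release named in the second NOTE (cyrus-imap-3-2-7-released), and nothing in the entry explains how 3.2.6-2 comes to contain the fix. If the upload carries the referenced upstream commit as a backport, a short NOTE saying so would keep the version from being read later as a typo for 3.2.7.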
@@ -2882,7 +2882,7 @@ CVE-2021-31247
 CVE-2021-31246
 	RESERVED
 CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares  ...)
-	TODO: check
+	NOT-FOR-US: openmptcprouter-vps-admin
 CVE-2021-31244
 	RESERVED
 CVE-2021-31243
@@ -6866,9 +6866,9 @@ CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploi
 CVE-2021-29492
 	RESERVED
 CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...)
-	TODO: check
+	NOT-FOR-US: mixme nodejs module
 CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...)
-	TODO: check
+	NOT-FOR-US: Jellyfin
 CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
 	NOT-FOR-US: Highcharts JS
 CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
@@ -13831,7 +13831,7 @@ CVE-2021-26545
 CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...)
 	NOT-FOR-US: Apache Livy
 CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command i ...)
-	TODO: check
+	NOT-FOR-US: git-parse nodejs module
 CVE-2021-26542
 	RESERVED
 CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
@@ -29606,7 +29606,7 @@ CVE-2021-20309 [Division by zero in WaveImage() of MagickCore/visual-effects.c]
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
 CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers  ...)
-	- htmldoc <unfixed> (unimportant; bug #984765)
+	- htmldoc 1.9.11-3 (unimportant; bug #984765)
 	NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
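Review bot: The htmldoc entry for CVE-2021-20308 now records a fixed version (1.9.11-3), but its NOTEs still point only at the upstream issue (issues/423) and not at a fixing commit, unlike the ImageMagick NOTEs directly above it. Adding a NOTE with the upstream commit would let the fixed version be checked against the actual patch.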
@@ -32985,7 +32985,7 @@ CVE-2021-1897
 CVE-2021-1896
 	RESERVED
 CVE-2021-1895 (Possible integer overflow due to improper length check while flashing  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2021-1894
 	RESERVED
 CVE-2021-1893
@@ -80714,7 +80714,7 @@ CVE-2020-11270 (Possible denial of service due to RTT responder consistently rej
 CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-11267
 	RESERVED
 CVE-2020-11266
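Review bot: "NOT-FOR-US: Snapdragon" on CVE-2020-11268 uses a different label from the adjacent CVE-2020-11269, which is marked "NOT-FOR-US: Qualcomm components for Android". If both entries refer to the same vendor's components, using one string for both keeps searches over the list consistent.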



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c88afa77085ee22214f9341283b0ef203cd892a...67f2be05fdf8827c7f6f327764d1c0d119b9dded
