[Git][security-tracker-team/security-tracker][master] 2 commits: updated refs for godot
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 23 19:26:50 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82d08fe1 by Moritz Mühlenhoff at 2021-05-23T20:17:23+02:00
updated refs for godot
- - - - -
3597a5b0 by Moritz Mühlenhoff at 2021-05-23T20:24:05+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1875,7 +1875,7 @@ CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow fr
CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
TODO: check
CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
- TODO: check
+ NOT-FOR-US: Pajbot
CVE-2021-32631
RESERVED
CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
@@ -1903,7 +1903,7 @@ CVE-2021-32620
CVE-2021-32619
RESERVED
CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
- TODO: check
+ NOT-FOR-US: Flask-Security-Too
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed> (bug #988731)
[bullseye] - exiv2 <no-dsa> (Minor issue)
@@ -9046,7 +9046,7 @@ CVE-2021-29625 (Adminer is open-source database management software. A cross-sit
NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
NOTE: https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...)
- TODO: check
+ NOT-FOR-US: fastify-csrf
CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- exiv2 <unfixed> (bug #988481)
[bullseye] - exiv2 <no-dsa> (Minor issue)
@@ -14236,11 +14236,11 @@ CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-si
CVE-2021-27435
RESERVED
CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...)
- TODO: check
+ NOT-FOR-US: Unified Automation .NET
CVE-2021-27433
RESERVED
CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation UA .NET
CVE-2021-27431
RESERVED
CVE-2021-27430
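Review bot: The tag added for CVE-2021-27434, "NOT-FOR-US: Unified Automation .NET", names the vendor and runtime but not the product. The description reads "Unified Automation .NET based OPC UA Client/Server SDK", so a tag such as "Unified Automation OPC UA SDK" would be easier to match against later CVEs for the same product. The tag added for CVE-2021-27432 in the same hunk ("OPC Foundation UA .NET") already carries the product name.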
@@ -15688,12 +15688,15 @@ CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is
- godot <unfixed> (bug #982593)
[buster] - godot <no-dsa> (Minor issue)
NOTE: https://github.com/godotengine/godot/pull/45701
- NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
+ NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...)
- godot <unfixed> (bug #982593)
[buster] - godot <no-dsa> (Minor issue)
- NOTE: https://github.com/godotengine/godot/pull/45702
- NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
+ NOTE: https://github.com/godotengine/godot/pull/45701
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
+ NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
CVE-2021-26824
RESERVED
CVE-2021-26823
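Review bot: Under CVE-2021-26825 the commit 403e4fd08b0b212e96f53d926e6273e0745eaa5a is now listed twice, once bare and once with the (master) suffix; drop the bare NOTE line so the entry matches the two-line form used for CVE-2021-26826 just above. The same entry also replaces pull/45702 with pull/45701, which leaves both CVEs pointing at one PR and the same two commits. If that is intended, a short NOTE stating it would help the next person triaging, since the commit message only says "updated refs for godot".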
@@ -23799,7 +23802,7 @@ CVE-2021-23388
CVE-2021-23387
RESERVED
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
- TODO: check
+ NOT-FOR-US: Node dns-packet
CVE-2021-23385
RESERVED
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
@@ -31568,7 +31571,7 @@ CVE-2021-20591
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
@@ -32084,7 +32087,7 @@ CVE-2021-20333
CVE-2021-20332
RESERVED
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
- TODO: check
+ NOT-FOR-US: MongoDB C# Driver
CVE-2021-20330
RESERVED
CVE-2021-20329
@@ -45337,7 +45340,7 @@ CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have im
CVE-2020-27210
RESERVED
CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simp ...)
- TODO: check
+ NOT-FOR-US: micro-ecc
CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced during the d ...)
NOT-FOR-US: SoloKeys Solo
CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
@@ -52065,9 +52068,9 @@ CVE-2020-24398
CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH key ...)
- TODO: check
+ NOT-FOR-US: homee Brain Cube
CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28 ...)
- TODO: check
+ NOT-FOR-US: homee Brain Cube
CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
- linux 5.7.6-1 (bug #962254)
[buster] - linux 4.19.131-1
@@ -53431,9 +53434,9 @@ CVE-2020-23768 (An information disclosure vulnerability was discovered in alipay
CVE-2020-23767
RESERVED
CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on htmly v2.7. ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2020-23765 (A file upload vulnerability was discovered in the file path /bl-plugin ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2020-23764
RESERVED
CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows remote atta ...)
@@ -80197,7 +80200,7 @@ CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends d
NOTE: Negligible security impact, a malicious peer can achieve no more than already
NOTE: able o achieve within the scp protocol.
CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Com ...)
- TODO: check
+ NOT-FOR-US: Nitrokey firmware
CVE-2020-12060
RESERVED
CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
@@ -443235,7 +443238,7 @@ CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion dur
- libxml2 2.6.32.dfsg-3 (medium)
- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280 (It was found that various OpenID Providers (OPs) had TLS Server Certif ...)
- TODO: check
+ NOT-FOR-US: Historic OpenID issues
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
- brltty <not-affected> (RedHat-specific)
CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...)
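Review bot: The tag added for CVE-2008-3280, "NOT-FOR-US: Historic OpenID issues", is a rationale rather than a product or vendor name, unlike the other NOT-FOR-US tags in this push (Pajbot, Mitsubishi, micro-ecc and so on). Since the description concerns "various OpenID Providers (OPs)", consider a tag that names them, for example "OpenID Providers", and move the reason into a NOTE line.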
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/afd2c9969f89738345c27af01e1afc66b441bc2f...3597a5b0d34f44032c244276dbf96907f41ef4ab