[Git][security-tracker-team/security-tracker][master] new hyperkitty issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 27 16:21:16 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b1af30e by Moritz Muehlenhoff at 2021-05-27T17:20:12+02:00
new hyperkitty issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2021-33577
 CVE-2021-33576
 	RESERVED
 CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: ruby-jss gem
 CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) through 2.33 h ...)
 	- glibc <unfixed> (bug #989147)
 	[bullseye] - glibc <no-dsa> (Minor issue)
@@ -44,7 +44,7 @@ CVE-2021-33572
 CVE-2021-33571
 	RESERVED
 CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
-	TODO: check
+	NOT-FOR-US: Postbird
 CVE-2021-33569
 	RESERVED
 CVE-2021-33568
@@ -190,7 +190,7 @@ CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandle
 CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
 	NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
 CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 5026 does not ensure that rest ...)
-	TODO: check
+	NOT-FOR-US: jitsi-meet-prosody
 CVE-2021-33505
 	RESERVED
 CVE-2021-33504
@@ -1200,7 +1200,9 @@ CVE-2021-33040
 CVE-2021-33039
 	RESERVED
 CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
-	TODO: check
+	- hyperkitty <unfixed>
+	NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
+	NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
 CVE-2021-33037
 	RESERVED
 CVE-2021-33036
@@ -2059,7 +2061,7 @@ CVE-2021-32635 [Action Commands (run/shell/exec) Against Library URIs Ignore Con
 CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
 	NOT-FOR-US: NSA Emissary
 CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior  ...)
-	TODO: check
+	NOT-FOR-US: Zope
 CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
 	NOT-FOR-US: Pajbot
 CVE-2021-32631



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b1af30e4d328d5428c0d6444897feb5adf763a7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b1af30e4d328d5428c0d6444897feb5adf763a7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210527/e89adcab/attachment.htm>

More information about the debian-security-tracker-commits mailing list