[Git][security-tracker-team/security-tracker][master] new hyperkitty issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 27 16:21:16 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b1af30e by Moritz Muehlenhoff at 2021-05-27T17:20:12+02:00
new hyperkitty issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2021-33577
CVE-2021-33576
RESERVED
CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: ruby-jss gem
CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) through 2.33 h ...)
- glibc <unfixed> (bug #989147)
[bullseye] - glibc <no-dsa> (Minor issue)
@@ -44,7 +44,7 @@ CVE-2021-33572
CVE-2021-33571
RESERVED
CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
- TODO: check
+ NOT-FOR-US: Postbird
CVE-2021-33569
RESERVED
CVE-2021-33568
@@ -190,7 +190,7 @@ CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandle
CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 5026 does not ensure that rest ...)
- TODO: check
+ NOT-FOR-US: jitsi-meet-prosody
CVE-2021-33505
RESERVED
CVE-2021-33504
@@ -1200,7 +1200,9 @@ CVE-2021-33040
CVE-2021-33039
RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
- TODO: check
+ - hyperkitty <unfixed>
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
CVE-2021-33037
RESERVED
CVE-2021-33036
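Review bot: the added "- hyperkitty <unfixed>" line for CVE-2021-33038 has no Debian bug reference, unlike the glibc entry earlier in this same diff ("- glibc <unfixed> (bug #989147)"), so nothing ties the open status to a report the maintainer will see. If a bug has been filed, append it as "(bug #NNNNNN)" (placeholder number). The first NOTE gives only the upstream commit URL; a short word on whether that commit is the fix would help whoever later sets the fixed version.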
@@ -2059,7 +2061,7 @@ CVE-2021-32635 [Action Commands (run/shell/exec) Against Library URIs Ignore Con
CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
NOT-FOR-US: NSA Emissary
CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
- TODO: check
+ NOT-FOR-US: Zope
CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
NOT-FOR-US: Pajbot
CVE-2021-32631
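Review bot: on the CVE-2021-32633 line, "NOT-FOR-US: Zope" is less specific than the other Zope-related entry visible in this diff, CVE-2021-33507, which is tagged "NOT-FOR-US: Zope Products.CMFCore (as used in Plone)". The description identifies this one as the Zope web application server; naming that in the tag would make clear which Zope component the triage decision covers.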
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b1af30e4d328d5428c0d6444897feb5adf763a7