[Git][security-tracker-team/security-tracker][master] new dacs issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 31 10:57:42 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c9ccb8c by Moritz Muehlenhoff at 2021-05-31T11:57:26+02:00
new dacs issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -662,7 +662,6 @@ CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.
 	- node-got <unfixed> (bug #989258)
 	NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
 	NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103	
-	TODO: check, normalize-url seems embedded in node-yarnpkg, node-got, check its use
 CVE-2021-33501
 	RESERVED
 CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
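Review bot: The TODO removed under CVE-2021-33502 named two packages that embed normalize-url, node-yarnpkg and node-got, but the context visible in this hunk only shows a tracking line for node-got (bug #989258). If node-yarnpkg was checked and found unaffected, or is already tracked higher up in the entry, a NOTE line recording that outcome would keep the reasoning next to the CVE; the commit message ("new dacs issue", "NFUs") does not mention this triage.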
@@ -9775,9 +9774,9 @@ CVE-2021-29631
 CVE-2021-29630
 	RESERVED
 CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
-	TODO: check
+	- dacs <unfixed>
 CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...)
 	NOT-FOR-US: FreeBSD
 CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...)
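Review bot: The added "- dacs <unfixed>" line under CVE-2021-29629 ties a Debian package to a CVE whose description, as far as it is shown here, speaks only of FreeBSD, and nothing in the entry says how dacs is affected. A NOTE pointing at the upstream advisory or the affected code in dacs, plus a bug reference once one is filed (as node-got has in the first hunk), would let the next reader verify the mapping. The adjacent CVE-2021-29628, also described as FreeBSD, is marked NOT-FOR-US in the same hunk, so the different treatment deserves a stated reason.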
@@ -10736,7 +10735,7 @@ CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exp
 CVE-2021-29257
 	RESERVED
 CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...)
-	TODO: check
+	NOT-FOR-US: Arm Mali GPU kernel driver
 CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
 	NOT-FOR-US: MicroSeven
 CVE-2021-29254
@@ -24561,7 +24560,7 @@ CVE-2021-23389
 CVE-2021-23388
 	RESERVED
 CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
-	TODO: check
+	NOT-FOR-US: Node trailing-slash
 CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
 	NOT-FOR-US: Node dns-packet
 CVE-2021-23385



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9ccb8ccc2a8f34fe5eb3dd35ae066f769c2043
