[Git][security-tracker-team/security-tracker][master] new dacs issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon May 31 10:57:42 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c9ccb8c by Moritz Muehlenhoff at 2021-05-31T11:57:26+02:00
new dacs issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -662,7 +662,6 @@ CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.
- node-got <unfixed> (bug #989258)
NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
- TODO: check, normalize-url seems embedded in node-yarnpkg, node-got, check its use
CVE-2021-33501
RESERVED
CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
@@ -9775,9 +9774,9 @@ CVE-2021-29631
CVE-2021-29630
RESERVED
CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
- TODO: check
+ - dacs <unfixed>
CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...)
NOT-FOR-US: FreeBSD
CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...)
@@ -10736,7 +10735,7 @@ CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exp
CVE-2021-29257
RESERVED
CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...)
- TODO: check
+ NOT-FOR-US: Arm Mali GPU kernel driver
CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
NOT-FOR-US: MicroSeven
CVE-2021-29254
@@ -24561,7 +24560,7 @@ CVE-2021-23389
CVE-2021-23388
RESERVED
CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
- TODO: check
+ NOT-FOR-US: Node trailing-slash
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
NOT-FOR-US: Node dns-packet
CVE-2021-23385
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9ccb8ccc2a8f34fe5eb3dd35ae066f769c2043
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9ccb8ccc2a8f34fe5eb3dd35ae066f769c2043
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210531/7c0efb2e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list