[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 11 14:06:36 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c87e690 by Moritz Muehlenhoff at 2021-11-11T15:06:01+01:00
NFUs
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded passwo
CVE-2021-43574
RESERVED
CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...)
- TODO: check
+ NOT-FOR-US: Stark bank libraries
CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
- TODO: check
+ NOT-FOR-US: Stark bank libraries
CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library (ecdsa-java) ...)
- TODO: check
+ NOT-FOR-US: Stark bank libraries
CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet ...)
- TODO: check
+ NOT-FOR-US: Stark bank libraries
CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elix ...)
- TODO: check
+ NOT-FOR-US: Stark bank libraries
CVE-2021-43567
RESERVED
CVE-2021-43566
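Review bot: the five "NOT-FOR-US: Stark bank libraries" notes (CVE-2021-43568 through CVE-2021-43572) write the vendor as "Stark bank", while every description in this hunk spells it "Stark Bank"; matching the case keeps a case-sensitive search of data/CVE/list from missing these entries. The notes also name only the vendor, whereas the descriptions name per-language components ("ecdsa-pyth ...", "ecdsa-nod ...", "ecdsa-java"). Those names are close to generic ECDSA package names, so naming the component in each note would record that the Stark Bank library itself was what got checked.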
@@ -260,7 +260,7 @@ CVE-2021-43468
CVE-2021-43467
RESERVED
CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...)
- TODO: check
+ NOT-FOR-US: thymeleaf-spring5
CVE-2021-43465
RESERVED
CVE-2021-43464
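Review bot: the NOT-FOR-US note on CVE-2021-43466 names only thymeleaf-spring5, but the description reads "thymeleaf combined with spe ...", so the issue appears to involve thymeleaf together with another component. If thymeleaf as a whole is out of scope, a note that says so (for example "NOT-FOR-US: thymeleaf") would make the triage decision unambiguous for anyone searching on the parent project name.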
@@ -7588,11 +7588,11 @@ CVE-2021-41252
CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
NOT-FOR-US: SAP
CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...)
- TODO: check
+ NOT-FOR-US: Python discord bot
CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...)
- TODO: check
+ NOT-FOR-US: GraphQL Playground
CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
- TODO: check
+ NOT-FOR-US: GraphiQL
CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
NOT-FOR-US: JupyterHub
CVE-2021-41246
@@ -7755,7 +7755,7 @@ CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugi
CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
NOT-FOR-US: eLabFTW
CVE-2021-41170 (### Impact Versions prior 1.1.1 have allowed for passing in closures d ...)
- TODO: check
+ NOT-FOR-US: neoan3-apps/template
CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
NOT-FOR-US: Sulu
CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...)
@@ -8097,7 +8097,7 @@ CVE-2021-41040
CVE-2021-41039
RESERVED
CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
- TODO: check
+ NOT-FOR-US: Eclipse Theia
CVE-2021-41037
RESERVED
CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
@@ -10754,45 +10754,45 @@ CVE-2021-39916
CVE-2021-39915
RESERVED
CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39910
RESERVED
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-39908
RESERVED
CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in GitLab ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
- gitlab <unfixed>
CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
- gitlab <unfixed>
CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
- gitlab <unfixed>
CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
- gitlab <unfixed>
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
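Review bot: the new "- gitlab <unfixed>" entries carry no NOTE line pointing at the upstream advisory or fixed release, so nothing in the file shows which version resolves them. Several descriptions also give a first affected version (13.9 for CVE-2021-39911, 13.5 for CVE-2021-39906, 13.4 for CVE-2021-39902, 13.0 for CVE-2021-39903); recording that in a NOTE would let a later pass mark older packaged versions as not affected instead of re-deriving it. For CVE-2021-39909, the "(Specific to EE)" justification is not visible in the truncated description, so a NOTE with the source for that claim would help.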
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c87e6905661006f28056c21491e88df9e190722