[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 14 08:30:38 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2a6f439 by Salvatore Bonaccorso at 2021-11-14T09:30:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,7 @@ CVE-2021-3947 [NVME: Arbitrary Memory Read]
 CVE-2021-3946
 	RESERVED
 CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
-	TODO: check
+	NOT-FOR-US: django-helpdesk
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
 	TODO: check
 CVE-2021-3944
@@ -524,7 +524,7 @@ CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When
 CVE-2021-43410
 	RESERVED
 CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
-	TODO: check
+	NOT-FOR-US: twill
 CVE-2021-43409
 	RESERVED
 CVE-2021-43408
@@ -7787,7 +7787,7 @@ CVE-2021-41256
 CVE-2021-41255
 	RESERVED
 CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running  ...)
-	TODO: check
+	NOT-FOR-US: kustomize-controller
 CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
 	- zydis <unfixed> (bug #999431)
 	NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
@@ -11951,7 +11951,7 @@ CVE-2021-39476
 CVE-2021-39475
 	RESERVED
 CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
-	TODO: check
+	NOT-FOR-US: Docsis UBC1319BA00 Router
 CVE-2021-39473
 	RESERVED
 CVE-2021-39472
@@ -22640,7 +22640,7 @@ CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
 	- imagemagick <not-affected> (Specific to Imagemagick 7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
 CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky
 CVE-2021-35052
 	RESERVED
 CVE-2021-35051
@@ -25532,7 +25532,7 @@ CVE-2021-33802
 CVE-2021-33801
 	RESERVED
 CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...)
-	TODO: check
+	NOT-FOR-US: Alibaba Druid
 CVE-2021-33799
 	RESERVED
 CVE-2021-33798
@@ -45425,7 +45425,7 @@ CVE-2021-25982
 CVE-2021-25981
 	RESERVED
 CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
-	TODO: check
+	NOT-FOR-US: Talkyard
 CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...)
 	NOT-FOR-US: Apostrophe CMS
 CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...)
@@ -50721,7 +50721,7 @@ CVE-2021-23786
 CVE-2021-23785
 	RESERVED
 CVE-2021-23784 (This affects the package tempura before 0.4.0. If the input to the esc ...)
-	TODO: check
+	NOT-FOR-US: tempura
 CVE-2021-23783
 	RESERVED
 CVE-2021-23782
@@ -51041,7 +51041,7 @@ CVE-2021-23626
 CVE-2021-23625
 	RESERVED
 CVE-2021-23624 (This affects the package dotty before 0.1.2. A type confusion vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Node dotty
 CVE-2021-23623
 	RESERVED
 CVE-2021-23622
@@ -51271,7 +51271,7 @@ CVE-2021-23511
 CVE-2021-23510
 	RESERVED
 CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion vulne ...)
-	TODO: check
+	NOT-FOR-US: Node json-ptr
 CVE-2021-23508
 	RESERVED
 CVE-2021-23507
@@ -52753,7 +52753,7 @@ CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-
 CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2021-22870 (A path traversal vulnerability was identified in GitHub Pages builds o ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise Server a ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22868 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a6f4393abb96da7eb356211aac34b5e9061762

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a6f4393abb96da7eb356211aac34b5e9061762
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211114/c3c1e371/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list