[Git][security-tracker-team/security-tracker][master] new ruby-apollo-upload-server issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 8 14:40:52 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
052a7a6b by Moritz Muehlenhoff at 2021-10-08T15:40:23+02:00
new ruby-apollo-upload-server issue
new gitlab issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104,7 +104,7 @@ CVE-2021-42055
CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...)
NOT-FOR-US: ACCEL-PPP
CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
- TODO: check
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-42052
RESERVED
CVE-2021-42051
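Review bot: the disambiguation in `NOT-FOR-US: Django Unicorn, different from src:unicorn` is the right call and worth keeping: the CVE text names the Unicorn framework for Django, which shares only its name with the Debian source package src:unicorn, so a bare `NOT-FOR-US: Unicorn` would invite a wrong match on a later pass. No change needed.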
@@ -2182,9 +2182,9 @@ CVE-2021-41132
CVE-2021-41131
RESERVED
CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
- TODO: check
+ NOT-FOR-US: Extensible Service Proxy
CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...)
- TODO: check
+ NOT-FOR-US: Pterodactyl
CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
NOT-FOR-US: Hygeia
CVE-2021-41127
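Review bot: for CVE-2021-41130 the note `NOT-FOR-US: Extensible Service Proxy` drops the acronym the CVE description itself supplies (`a.k.a. ESP`); consider `NOT-FOR-US: Extensible Service Proxy (ESP)` so that a later search for either name finds this entry. The Pterodactyl line matches its description as-is.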
@@ -2201,7 +2201,7 @@ CVE-2021-41123 (Survey Solutions is a survey management and data collection syst
CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
NOT-FOR-US: Vyper
CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
NOT-FOR-US: sylius/paypal-plugin
CVE-2021-41119
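Review bot: consistent with the adjacent CVE-2021-41122 entry, which already carries `NOT-FOR-US: Vyper` for the same upstream; both Vyper issues are now resolved the same way and nothing further is needed here.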
@@ -3798,7 +3798,7 @@ CVE-2021-3762
RESERVED
NOT-FOR-US: Quay/clair
CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...)
- TODO: check
+ NOT-FOR-US: Apache OpenOffice
CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...)
{DLA-2776-1}
- apache2 2.4.49-1
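Review bot: CVE-2021-40439 is, per its description, about Apache OpenOffice's dependency on expat rather than a flaw in OpenOffice's own code, so `NOT-FOR-US: Apache OpenOffice` only closes the OpenOffice side. If the underlying expat issue(s) have their own CVE identifiers, a NOTE cross-referencing them in this entry would let a later reader confirm that the expat side is tracked separately without re-reading the advisory; the description is truncated in this hunk, so those identifiers are not visible here.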
@@ -5078,11 +5078,13 @@ CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous u
CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
- gitlab <unfixed>
CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
- TODO: check
+ - gitlab <unfixed>
+ - ruby-apollo-upload-server <unfixed>
+ TODO: reach out for details
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
- gitlab <unfixed>
CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
- gitlab <unfixed>
CVE-2021-39876
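Review bot: CVE-2021-39880 now lists both `gitlab <unfixed>` and `ruby-apollo-upload-server <unfixed>` with `TODO: reach out for details`, so the entry stays open, which is correct while the fix is unknown. When the details arrive, record the upstream fix as a NOTE on this entry so that the gem and the gitlab package can be closed against the same reference rather than separately. The CVE-2021-39878 change from `TODO: check` to `- gitlab <unfixed>` follows the pattern of the surrounding GitLab entries and needs nothing further.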
@@ -13854,7 +13856,7 @@ CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The S
NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6)
CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: SilverStripe CMS
CVE-2021-36149
RESERVED
CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...)
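Review bot: the note for CVE-2021-36150 says `NOT-FOR-US: SilverStripe CMS` while the CVE description names `SilverStripe Framework`; using the description's wording (or `SilverStripe Framework/CMS`) would keep the entry searchable under the term the CVE feed uses.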
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052a7a6b1722f042e6eedaf4031cbfbd8cb7f4c8