[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 19 21:31:32 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46a43437 by Moritz Muehlenhoff at 2021-10-19T22:31:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,7 +133,7 @@ CVE-2021-42652
 CVE-2021-42651
 	RESERVED
 CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2021-42649
 	RESERVED
 CVE-2021-42648
@@ -281,9 +281,9 @@ CVE-2021-42578
 CVE-2021-42577
 	RESERVED
 CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
-	TODO: check
+	NOT-FOR-US: bluemonday sanitizer
 CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...)
-	TODO: check
+	NOT-FOR-US: OWASP HTML Sanitizer
 CVE-2021-42574
 	RESERVED
 CVE-2021-42573
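Review bot: The CVE-2021-42576 description names two implementations ("for Go, and before 0.0.8 for Py ..."), but the note "NOT-FOR-US: bluemonday sanitizer" does not say which of them were checked against the archive. Worth confirming that neither the Go module nor the Python port is packaged under a differently named source package before closing this as NFU. Separately, the CVE-2021-42575 label "OWASP HTML Sanitizer" drops "Java" from the product name given in the description; matching the upstream name makes later searches of the list easier.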
@@ -2597,7 +2597,7 @@ CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored
 CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...)
 	- zammad <itp> (bug #841355)
 CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
-	TODO: check
+	NOT-FOR-US: CoreNLP
 CVE-2021-42083
 	RESERVED
 CVE-2021-42082
@@ -4713,17 +4713,17 @@ CVE-2021-41158
 CVE-2021-41157
 	RESERVED
 CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...)
-	TODO: check
+	NOT-FOR-US: anuko/timetracker
 CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
 	TODO: check
 CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
 	NOT-FOR-US: OpenOlat
 CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
-	TODO: check
+	NOT-FOR-US: Backstage
 CVE-2021-41150
 	RESERVED
 CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...)
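Review bot: The label added at CVE-2021-41156, "NOT-FOR-US: anuko/timetracker", differs from the one already used for the same product at CVE-2021-41139 ("NOT-FOR-US: Anuko Time Tracker"). Using one spelling keeps a search for the product name returning every entry. CVE-2021-41153 (evm crate) stays at "TODO: check" in this block, which is fine if it is deliberately left for later triage.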
@@ -4745,7 +4745,7 @@ CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end t
 CVE-2021-41141
 	RESERVED
 CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
-	TODO: check
+	NOT-FOR-US: Discourse plugin
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
 	NOT-FOR-US: Anuko Time Tracker
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
@@ -22584,7 +22584,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able
 CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
 	{DLA-2742-1}
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
 CVE-2021-33579
 	RESERVED
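Review bot: The commit message says only "NFUs", but from this hunk onward the commit also changes the ffmpeg postponed notes from "Wait for 4.1.8" to "Wait for 4.1.9". That change is easy to miss when reading history; either mention it in the commit message or split it into its own commit.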
@@ -82742,7 +82742,7 @@ CVE-2020-21698
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
 	- ffmpeg 7:4.4-5
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8188
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
 CVE-2020-21696
@@ -82764,7 +82764,7 @@ CVE-2020-21689
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
 	- ffmpeg 7:4.4-5
 	[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
-	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/8186
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
 CVE-2020-21687
@@ -84220,7 +84220,7 @@ CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_i
 	{DSA-4990-1 DLA-2742-1}
 	[experimental] - ffmpeg 7:4.4-1
 	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
-	[stretch] - ffmpeg <postponed> (Wait for 4.1.8)
+	[stretch] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://trac.ffmpeg.org/ticket/7989
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
 CVE-2020-21040
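Review bot: The changed line under CVE-2020-21041 is tagged "[stretch]", while every other "Wait for 4.1.9" line in this commit is tagged "[buster]". The edit carries over the tag that was already there; please confirm the release name is intended, and correct it in the same change if it was a typo.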
@@ -84522,7 +84522,7 @@ CVE-2020-20897
 	REJECTED
 CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8273
 CVE-2020-20895
@@ -84538,7 +84538,7 @@ CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/
 	NOTE: https://trac.ffmpeg.org/ticket/8265
 CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
 	- ffmpeg 7:4.3-2
-	[buster] - ffmpeg <postponed> (Wait for 4.1.8)
+	[buster] - ffmpeg <postponed> (Wait for 4.1.9)
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
 	NOTE: https://trac.ffmpeg.org/ticket/8282
 CVE-2020-20890



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46a43437d3b679810990473828576ec36f51c92c
