[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 1 08:31:44 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
879ac88f by Salvatore Bonaccorso at 2021-09-01T09:31:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5785,7 +5785,7 @@ CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) b
[buster] - krb5 <no-dsa> (Minor issue)
NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
- TODO: check
+ NOT-FOR-US: Hexagon GeoMedia WebMap
CVE-2021-37748
RESERVED
CVE-2021-37747
@@ -7447,7 +7447,7 @@ CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attack
CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
- TODO: check
+ NOT-FOR-US: SerNet verinice
CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
- linux 5.10.46-3
CVE-2021-3654 [novnc allows open redirection]
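Review bot: the line added under CVE-2021-36981 settles the entry as NOT-FOR-US on the product name alone, and nothing visible in the hunk shows whether an ITP or RFP for verinice was checked first. If one is open, the entry should read "- verinice <itp> (bug #NNNNNN)" (bug number is a placeholder) instead of NOT-FOR-US, so that the insecure Java deserialization issue fixed in 1.22.2 is not lost if the package later enters the archive.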
@@ -9170,13 +9170,13 @@ CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bo
CVE-2021-36235
RESERVED
CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...)
- TODO: check
+ NOT-FOR-US: MIK.starlight
CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...)
- TODO: check
+ NOT-FOR-US: MIK.starlight
CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...)
- TODO: check
+ NOT-FOR-US: MIK.starlight
CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...)
- TODO: check
+ NOT-FOR-US: MIK.starlight
CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...)
NOT-FOR-US: Terraform Enterprise
CVE-2021-36229
@@ -34458,7 +34458,7 @@ CVE-2021-25960
CVE-2021-25959
RESERVED
CVE-2021-25958 (In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch ...)
- TODO: check
+ NOT-FOR-US: Apache Ofbiz
CVE-2021-25957 (In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerabl ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377
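Review bot: the line added under CVE-2021-25958 spells the product "Apache Ofbiz", copied from the CVE description, whereas upstream writes it "Apache OFBiz". Suggest "NOT-FOR-US: Apache OFBiz" so the label stays identical across entries for this product and a text search over data/CVE/list finds them all when the next one is triaged.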
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/879ac88f8e3d58e32767ecad6b80865ac2698945