[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Sep 1 09:55:52 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb3def19 by Moritz Muehlenhoff at 2021-09-01T10:55:26+02:00
NFUs
puppet n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2774,7 +2774,7 @@ CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center befor
CVE-2021-39110
RESERVED
CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard before versio ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-39108
RESERVED
CVE-2021-39107
@@ -6574,7 +6574,7 @@ CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allo
CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2021-37414
RESERVED
CVE-2021-37413
@@ -9219,7 +9219,7 @@ CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bo
[stretch] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858
CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...)
NOT-FOR-US: MIK.starlight
CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...)
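Review bot: The new tag for CVE-2021-36235 names only the vendor ("NOT-FOR-US: Ivanti"), while the entry directly below it uses the product name ("NOT-FOR-US: MIK.starlight"). The description identifies the product as Ivanti Workspace Control, so "NOT-FOR-US: Ivanti Workspace Control" would make the entry easier to find when searching the list by product.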
@@ -14209,7 +14209,7 @@ CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to
CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
NOT-FOR-US: tsMuxer
CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...)
- TODO: check
+ NOT-FOR-US: EdgeGallery/developer
CVE-2021-34065
RESERVED
CVE-2021-34064
@@ -17155,7 +17155,7 @@ CVE-2021-32833
CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
NOT-FOR-US: Rocket.Chat
CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
- TODO: check
+ NOT-FOR-US: Total.js
CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
NOT-FOR-US: Node @diez/generation
CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
@@ -25528,9 +25528,9 @@ CVE-2021-29633
CVE-2021-29632
RESERVED
CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
- dacs <unfixed> (bug #989288; unimportant)
[stretch] - dacs <not-affected> (Vulnerable module first bundled in 1.4.40)
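Review bot: CVE-2021-29631 and CVE-2021-29630 are marked "NOT-FOR-US: FreeBSD" with no note, yet the next entry, CVE-2021-29629, is also described as a FreeBSD issue and is tracked against dacs because the vulnerable module is bundled there. It is worth confirming that the code behind these two CVEs is not bundled in a Debian package in the same way, and recording the result in a NOTE if that check was done.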
@@ -31806,7 +31806,7 @@ CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an esca
NOTE: https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb
NOTE: https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170
CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...)
- TODO: check
+ - puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...)
TODO: check
CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...)
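Review bot: The not-affected line for CVE-2021-27020 gives the reason "Only affects Puppet Enterprise" without a NOTE citing where that comes from, whereas CVE-2021-27021 just above links the upstream commit and release notes. Adding a NOTE with the vendor advisory would let a later reader verify the scope. CVE-2021-27019 in the trailing context is still at "TODO: check", in case it was meant to be triaged in the same pass.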
@@ -79651,6 +79651,7 @@ CVE-2020-19482
RESERVED
CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Bo ...)
- gpac 1.0.1+dfsg1-2
+ [buster] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
NOTE: https://github.com/gpac/gpac/issues/1265
NOTE: https://github.com/gpac/gpac/issues/1266
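Review bot: The added "[buster] - gpac <ignored> (Minor issue)" line for CVE-2020-19481 is a triage decision on a package Debian ships, and the commit message ("NFUs", "puppet n/a") does not mention it. Consider a separate commit or an extra line in the message so the buster decision is discoverable in the history; a few words on why the issue is minor would also help.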
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb3def19f0ba7fc7a44edbefffae08fd0990e93a