[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Sep 2 12:49:17 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89eb5133 by Moritz Muehlenhoff at 2021-09-02T13:48:58+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2786,7 +2786,7 @@ CVE-2021-39187
 CVE-2021-39186 (GlobalNewFiles is a package in Miraheze, a wiki hosting service. Prior ...)
 	NOT-FOR-US: Miraheze
 CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
-	TODO: check
+	NOT-FOR-US: Https4s
 CVE-2021-39184
 	RESERVED
 CVE-2021-39183
@@ -2815,7 +2815,7 @@ CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.
 CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
 	- cachet <itp> (bug #851177)
 CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the  ...)
-	TODO: check
+	NOT-FOR-US: Node passport-saml
 CVE-2021-39170 (Pimcore is an open source data & experience management platform. P ...)
 	NOT-FOR-US: Pimcore
 CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
@@ -3817,7 +3817,7 @@ CVE-2021-38705
 CVE-2021-38704
 	RESERVED
 CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...)
-	TODO: check
+	NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware
 CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
 	NOT-FOR-US: D-Link
 CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
@@ -5943,7 +5943,7 @@ CVE-2021-37796
 CVE-2021-37795
 	RESERVED
 CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...)
-	TODO: check
+	NOT-FOR-US: FileBrowser
 CVE-2021-37793
 	RESERVED
 CVE-2021-37792
@@ -8456,9 +8456,9 @@ CVE-2021-36694
 CVE-2021-36693
 	RESERVED
 CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
-	TODO: check
+	NOT-FOR-US: libjxl
 CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
-	TODO: check
+	NOT-FOR-US: libjxl
 CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
 	- sqlite3 3.36.0-2 (unimportant)
 	[stretch] - sqlite3 <not-affected> (vulnerable code is not present)
@@ -13605,7 +13605,7 @@ CVE-2021-34437
 CVE-2021-34436
 	RESERVED
 CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Theia
 CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
 	- mosquitto <unfixed> (bug #993400)
 	[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
@@ -20173,11 +20173,11 @@ CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby
 	NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master)
 	NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7)
 CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...)
-	TODO: check
+	NOT-FOR-US: CyberArk
 CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...)
-	TODO: check
+	NOT-FOR-US: CyberArk
 CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...)
-	TODO: check
+	NOT-FOR-US: CyberArk
 CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
 	NOT-FOR-US: PowerVR GPU kernel driver (OOT)
 CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89eb5133b2b794185d850525a754cca7664b0bbb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89eb5133b2b794185d850525a754cca7664b0bbb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210902/5585f334/attachment.htm>

More information about the debian-security-tracker-commits mailing list