[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri Sep 3 13:31:33 BST 2021


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6427dbe by Neil Williams at 2021-09-03T13:31:15+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -348,7 +348,8 @@ CVE-2021-3759 [ unaccounted ipc objects in Linux kernel lead to breaking memcg l
 CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...)
 	NOT-FOR-US: bookstack
 CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...)
-	TODO: check
+	NOT-FOR-US: Node immer
+	NOTE: https://github.com/immerjs/immer
 CVE-2021-40331
 	RESERVED
 CVE-2021-3756
@@ -40790,7 +40791,7 @@ CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vu
 CVE-2021-23437
 	RESERVED
 CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Node immer
 CVE-2021-23435
 	RESERVED
 CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...)
@@ -42938,7 +42939,7 @@ CVE-2021-22527
 CVE-2021-22526
 	RESERVED
 CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Microfocus
 CVE-2021-22524
 	RESERVED
 CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...)
@@ -47982,7 +47983,7 @@ CVE-2021-21088
 CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
 	NOT-FOR-US: Adobe
 CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
@@ -83003,7 +83004,8 @@ CVE-2020-18050
 CVE-2020-18049
 	RESERVED
 CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: CraigMS
+	NOTE: https://github.com/bertanddip/CraigMS
 CVE-2020-18047
 	RESERVED
 CVE-2020-18046



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6427dbe0a70321fb368c8a38f8173714131a308

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6427dbe0a70321fb368c8a38f8173714131a308
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210903/ebcc1168/attachment.htm>
