[Git][security-tracker-team/security-tracker][master] Process NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Thu Sep 16 08:47:28 BST 2021
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0749f48a by Neil Williams at 2021-09-16T08:47:09+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -867,15 +867,15 @@ CVE-2021-3798 [Soft token does not check if an EC key is valid]
CVE-2021-40865
RESERVED
CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2021-3796 (vim is vulnerable to Use After Free ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428)
CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...)
- TODO: check
+ NOT-FOR-US: Node semver-regex
CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity ...)
- TODO: check
+ NOT-FOR-US: vuelidate for Vue.js
CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...)
NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
CVE-2021-40863
@@ -992,11 +992,11 @@ CVE-2021-3787
CVE-2021-3786
RESERVED
CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
- TODO: check
+ NOT-FOR-US: yourls
CVE-2021-3784
RESERVED
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
- TODO: check
+ NOT-FOR-US: yourls
CVE-2021-3782
RESERVED
CVE-2021-3781 [Include device specifier strings in access validation]
@@ -1306,7 +1306,7 @@ CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409)
CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity ...)
- TODO: check
+ NOT-FOR-US: nodejs-tmpl
CVE-2021-40681
RESERVED
CVE-2021-40680
@@ -42747,7 +42747,7 @@ CVE-2021-23437 (The package pillow from 0 and before 8.3.2 are vulnerable to Reg
CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion vulnerab ...)
NOT-FOR-US: Node immer
CVE-2021-23435 (This affects the package clearance before 2.5.0. The vulnerability can ...)
- TODO: check
+ NOT-FOR-US: Rails clearance gem
CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...)
- node-object-path 0.11.7-1
[bullseye] - node-object-path <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0749f48aeab894afd672fe719d200013935ea1e0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0749f48aeab894afd672fe719d200013935ea1e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210916/605a3ad0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list