[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Sep 27 14:22:17 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a81d6f34 by Moritz Muehlenhoff at 2021-09-27T15:21:57+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -381,7 +381,7 @@ CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constr
- libressl <itp> (bug #754513)
NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch
CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...)
- TODO: check
+ NOT-FOR-US: Node passport-oauth2
CVE-2021-41579
RESERVED
CVE-2021-41578
@@ -3130,7 +3130,7 @@ CVE-2021-40351
CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...)
NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices
CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...)
- TODO: check
+ NOT-FOR-US: e7d Speed Test
CVE-2021-40348
RESERVED
CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...)
@@ -7899,7 +7899,7 @@ CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can g
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5
NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...)
- TODO: check
+ NOT-FOR-US: FIDO2/Webauthn Support for PHP
CVE-2021-38298
RESERVED
CVE-2021-38297
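Review bot: The label added for CVE-2021-38299, "FIDO2/Webauthn Support for PHP", does not contain the product name the CVE description uses ("Webauthn Framework"), so the two are hard to match when later entries for the same product are triaged. Consider a label that includes the description's name, e.g. "NOT-FOR-US: Webauthn Framework (FIDO2/Webauthn Support for PHP)".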
@@ -24033,11 +24033,11 @@ CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vul
- salt 3002.6+dfsg1-2 (bug #987496)
NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...)
- TODO: check
+ NOT-FOR-US: openvpn-monitor
CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...)
- TODO: check
+ NOT-FOR-US: openvpn-monitor
CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...)
- TODO: check
+ NOT-FOR-US: openvpn-monitor
CVE-2021-31603
RESERVED
CVE-2021-31602
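Review bot: The three entries CVE-2021-31606, CVE-2021-31605 and CVE-2021-31604 use the bare label "openvpn-monitor" and drop the "furlongm" prefix that all three descriptions carry. Because the name sits close to openvpn, which is a different product, "NOT-FOR-US: furlongm openvpn-monitor" would make it clear at a glance that the decision covers the third-party monitor only.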
@@ -101844,7 +101844,7 @@ CVE-2020-12085
CVE-2020-12084
RESERVED
CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code ...)
- TODO: check
+ NOT-FOR-US: Code Insight
CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...)
NOT-FOR-US: Insight
CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...)
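Review bot: CVE-2020-12083 is labelled "Code Insight" here, while the neighbouring CVE-2020-12082 in the trailing context carries "NOT-FOR-US: Insight". If both entries refer to the same product, the two labels should agree; either reuse the existing string or correct the older entry in the same commit.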
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a81d6f34bbfc1b62d55f60de377b1c0b161947d6