[Git][security-tracker-team/security-tracker][master] Process NFUs

Neil Williams (@codehelp) codehelp at debian.org
Tue Jan 25 14:59:34 GMT 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc85871f by Neil Williams at 2022-01-25T14:59:06+00:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65292,17 +65292,17 @@ CVE-2021-24048
 CVE-2021-24047
 	RESERVED
 CVE-2021-24046 (A logic flaw in Ray-Ban® Stories device software allowed some par ...)
-	TODO: check
+	NOT-FOR-US: Facebook View
 CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2021-24043
 	RESERVED
 CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
-	TODO: check
+	NOT-FOR-US: Whatsapp
 CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
-	TODO: check
+	NOT-FOR-US: Whatsapp
 CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the  ...)
 	NOT-FOR-US: Facebook ParlAI
 CVE-2021-24039
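Review bot: The new labels on CVE-2021-24042 and CVE-2021-24041 spell the product "Whatsapp", while the descriptions on those same entries write "WhatsApp"; suggest `NOT-FOR-US: WhatsApp` so a case-sensitive search of the list by product name finds them. Separately, CVE-2021-24046 is labelled "Facebook View" although the visible part of its description names Ray-Ban Stories device software; the description is truncated here, so confirm the label names the affected product.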
@@ -65891,7 +65891,7 @@ CVE-2021-23844
 CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...)
 	NOT-FOR-US: Bosch
 CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
 	{DSA-4855-1 DLA-2565-1 DLA-2563-1}
 	- openssl 1.1.1j-1
@@ -65986,7 +65986,7 @@ CVE-2021-23826
 CVE-2021-23825
 	RESERVED
 CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...)
-	TODO: check
+	NOT-FOR-US: CrowCpp
 CVE-2021-23823
 	RESERVED
 CVE-2021-23822
@@ -66043,7 +66043,7 @@ CVE-2021-23799
 CVE-2021-23798
 	RESERVED
 CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...)
-	TODO: check
+	NOT-FOR-US: Node http-server
 CVE-2021-23796
 	RESERVED
 CVE-2021-23795
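Review bot: The label on CVE-2021-23797 reads "Node http-server", but the description names the package as http-server-node; suggest `NOT-FOR-US: Node http-server-node` so the entry is not read as a triage decision about a differently named package.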
@@ -66093,7 +66093,7 @@ CVE-2021-23774
 CVE-2021-23773
 	RESERVED
 CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...)
-	TODO: check
+	NOT-FOR-US: iris Go web framework
 CVE-2021-23771
 	RESERVED
 CVE-2021-23770
@@ -66240,7 +66240,7 @@ CVE-2021-23702
 CVE-2021-23701
 	RESERVED
 CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...)
-	TODO: check
+	NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep).
 CVE-2021-23699
 	RESERVED
 CVE-2021-23698
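Review bot: The label on CVE-2021-23700 ends in a full stop and carries a triage rationale in parentheses, unlike the other NOT-FOR-US lines in this commit, which give only a product name. Suggest `NOT-FOR-US: merge-deep2`, and if the statement that merge-deep is unaffected needs recording, say in the commit message where that was verified, since nothing in this change shows it.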
@@ -66312,9 +66312,9 @@ CVE-2021-23666
 CVE-2021-23665
 	RESERVED
 CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: cors-proxy
 CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via  ...)
-	TODO: check
+	NOT-FOR-US: sey - Deprecated Simple JavaScript build tool
 CVE-2021-23662
 	RESERVED
 CVE-2021-23661
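Review bot: The label on CVE-2021-23664 is shortened to "cors-proxy", dropping the @isomorphic-git scope given in the description, which leaves a generic name that is ambiguous on its own; suggest `NOT-FOR-US: @isomorphic-git/cors-proxy`. The CVE-2021-23663 label ("sey - Deprecated Simple JavaScript build tool") uses a name-plus-description form the other entries here do not; `NOT-FOR-US: Node sey` would match the md-to-pdf and convert-svg lines in this commit.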
@@ -66362,7 +66362,7 @@ CVE-2021-23641
 CVE-2021-23640
 	RESERVED
 CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...)
-	TODO: check
+	NOT-FOR-US: Node md-to-pdf
 CVE-2021-23638
 	RESERVED
 CVE-2021-23637
@@ -66378,7 +66378,7 @@ CVE-2021-23633
 CVE-2021-23632
 	RESERVED
 CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...)
-	TODO: check
+	NOT-FOR-US: Node convert-svg
 CVE-2021-23630
 	RESERVED
 CVE-2021-23629
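Review bot: The label on CVE-2021-23631 says "Node convert-svg", while the description opens its list of affected packages with convert-svg-core and continues past the truncation; either name the package as the description does (`NOT-FOR-US: Node convert-svg-core`) or confirm that "convert-svg" is meant to cover every package in that list.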



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc85871f591229f2aed997b9bf45bf62ff4deb51
