[Git][security-tracker-team/security-tracker][master] NFU

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jul 11 20:36:21 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b3e3745 by Moritz Muehlenhoff at 2022-07-11T21:31:19+02:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49248,9 +49248,7 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sso
 CVE-2021-43504
 	RESERVED
 CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ...)
-	- php-laravel-framework <undetermined>
-	NOTE: https://github.com/guoyanan1g/Laravel-vul/issues/2#issue-1045655892
-	TODO: check, unclear status of report to upstream
+	NOTE: Disputed Laravel issue
 CVE-2021-43502
 	RESERVED
 CVE-2021-43501
@@ -126259,10 +126257,8 @@ CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 ma
 	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009
 CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
-	- bluez <unfixed>
-	[bullseye] - bluez <no-dsa> (Minor issue)
-	[buster] - bluez <no-dsa> (Minor issue)
-	[stretch] - bluez <not-affected> (Mesh support introduced later)
+	NOT-FOR-US: Bluetooth
+	NOTE: There's no indication that any Bluetooth software in Debian is affected
 	NOTE: https://kb.cert.org/vuls/id/799380
 	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3e374505c297f9ac83178fa1db2d60f833d287

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3e374505c297f9ac83178fa1db2d60f833d287
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220711/fa09c08b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list