[Git][security-tracker-team/security-tracker][master] jhead non issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 29 16:37:11 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40def957 by Moritz Muehlenhoff at 2022-07-29T17:36:48+02:00
jhead non issue
NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69388,8 +69388,7 @@ CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow En
CVE-2021-37932
RESERVED
CVE-2021-3681 (A flaw was found in Ansible Galaxy Collections. When collections are b ...)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407
- TODO: check, needs verifying the affected ansible/ansible-base components
+ NOT-FOR-US: Ansible Galaxy
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
NOT-FOR-US: ShowDoc
CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
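Review bot: At CVE-2021-3681, the removed TODO asked for the affected ansible/ansible-base components to be verified, but the replacement `NOT-FOR-US: Ansible Galaxy` does not record the outcome of that check, and the Red Hat Bugzilla reference is dropped with it. Suggest stating in the commit message why the ansible/ansible-base components named in the TODO are not affected, since the message covers this change only as "NFU".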
@@ -80839,7 +80838,6 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
[stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch)
NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
NOTE: https://github.com/golang/go/issues/46288
- TODO: check completeness
CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
- apache2 2.4.48-4
[bullseye] - apache2 2.4.48-3.1+deb11u1
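Review bot: At CVE-2021-33194, `TODO: check completeness` is deleted with nothing added in its place, so the entry does not show whether the completeness check was done or simply dropped. The commit message mentions only jhead and NFU; suggest noting the result of the check there, or moving this cleanup to its own commit.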
@@ -80913,7 +80911,6 @@ CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prio
[bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
[stretch] - nagvis <no-dsa> (Minor issue)
- TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
NOT-FOR-US: Nagios XI
CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
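Review bot: At CVE-2021-33178, the deleted TODO held the only pointer in this entry's visible lines to the Synopsys advisory and to the statement that the nagvis plugin should be fixed in 2.0.9. Suggest keeping that information as a `NOTE:` line with the advisory URL rather than dropping it, so the basis for the `<no-dsa> (Minor issue)` entries stays traceable.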
@@ -93809,8 +93806,9 @@ CVE-2021-28277 (A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04 a
NOTE: https://github.com/Matthias-Wandel/jhead/issues/16
NOTE: Crash in CLI tool, no security impact
CVE-2021-28276 (A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a ...)
- TODO: check CVE reference, probably invalid report or old version.
+ - jhead <unfixed> (unimportant)
NOTE: https://github.com/Matthias-Wandel/jhead/issues/26
+ NOTE: Crash in CLI tool, no security impact
CVE-2021-28275 (A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to ...)
- jhead 1:3.06.0.1-2 (unimportant)
NOTE: https://github.com/Matthias-Wandel/jhead/commit/a50953a266583981b51a181c2fce73dad2ac5d7d (3.06.0.1)
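Review bot: At CVE-2021-28276, the new `- jhead <unfixed> (unimportant)` line asserts that the current package is still affected, while the removed TODO suspected an invalid report or one against an old version. The neighbouring CVE-2021-28275 is marked fixed in 1:3.06.0.1-2, so it is worth confirming against jhead issue 26 that this one is not also resolved in that upload; if it is, record the fixed version instead of `<unfixed>`. The added `NOTE: Crash in CLI tool, no security impact` matches the wording used for CVE-2021-28277 above.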
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40def95791681b8fab82b3be3d93edccbc86b1f1