[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-41736/faust <unfixed>

Neil Williams (@codehelp) codehelp at debian.org
Fri Mar 25 10:11:57 GMT 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
832bb6f4 by Neil Williams at 2022-03-25T09:46:20+00:00
CVE-2021-41736/faust <unfixed>

- - - - -
b15ab3c2 by Neil Williams at 2022-03-25T10:11:32+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20276,7 +20276,7 @@ CVE-2021-45119
 CVE-2021-45118
 	RESERVED
 CVE-2021-45117 (The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not hand ...)
-	TODO: check
+	NOT-FOR-US: OPCFoundation/UA-Nodeset
 CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
 	- python-django 2:3.2.11-1 (bug #1003113)
 	[bullseye] - python-django <postponed> (Minor issue; fix in next update)
@@ -20875,7 +20875,7 @@ CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During
 CVE-2022-0010
 	RESERVED
 CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...)
-	TODO: check
+	NOT-FOR-US: spatie/laravel-medialibrary
 CVE-2021-45039
 	RESERVED
 CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
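Review bot: The NOT-FOR-US label on CVE-2021-45040 names spatie/laravel-medialibrary, while the CVE description on the line above it names the Spatie media-library-pro library. If these are distinct products, use the name from the description so that a later search of data/CVE/list for media-library-pro finds this entry.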
@@ -23654,7 +23654,7 @@ CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malici
 CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...)
 	- jspwiki <removed>
 CVE-2021-44139 (Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). ...)
-	TODO: check
+	NOT-FOR-US: alibaba/Sentinel
 CVE-2021-44138
 	RESERVED
 CVE-2021-44137
@@ -25999,7 +25999,7 @@ CVE-2021-43702
 CVE-2021-43701
 	RESERVED
 CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...)
-	TODO: check
+	NOT-FOR-US: ApiManager
 CVE-2021-43699
 	RESERVED
 CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
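Review bot: The label on CVE-2021-43700 is the bare product name ApiManager, with no vendor or project owner, unlike the owner/project form used for other entries in this change (for example alibaba/Sentinel). Adding the upstream owner would make it unambiguous which ApiManager was triaged.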
@@ -33214,7 +33214,8 @@ CVE-2021-41738
 CVE-2021-41737
 	RESERVED
 CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the  ...)
-	TODO: check
+	- faust <unfixed>
+	NOTE: https://github.com/grame-cncm/faust/issues/653
 CVE-2021-41735
 	RESERVED
 CVE-2021-41734
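Review bot: The new faust entry for CVE-2021-41736 records only the upstream issue and carries no Debian bug reference, unlike the python-django entry earlier in this diff, which has (bug #1003113). With the package marked <unfixed>, consider filing a bug against faust and adding its number to the "- faust <unfixed>" line so the open issue is tracked on the Debian side as well.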
@@ -37964,9 +37965,9 @@ CVE-2021-39795
 CVE-2021-39794
 	RESERVED
 CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possibl ...)
-	TODO: check
+	NOT-FOR-US: Pixel
 CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible use afte ...)
-	TODO: check
+	NOT-FOR-US: Android kernel patches
 CVE-2021-39791
 	RESERVED
 CVE-2021-39790
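Review bot: The labels on CVE-2021-39793 and CVE-2021-39792 (Pixel, Android kernel patches) do not say why the code is out of scope, and the descriptions name only a function and a source file (kbase_jd_user_buf_pin_pages in mali_kbase_mem.c, usb_gadget_giveback_request in core.c). Recording the reason, in the label or in the commit message, would let a later reader confirm that the affected code is not in a Debian source package without repeating the triage.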



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/80ae626b4db15bc6411395c9f1035d4cd2f02a71...b15ab3c2ed6ac28599449a24ba820d8074dbef13
