[Git][security-tracker-team/security-tracker][master] Re-associate some older NFUs to now packaged matrix-sydent
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 5 07:04:05 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b29b5232 by Salvatore Bonaccorso at 2023-08-05T08:03:28+02:00
Re-associate some older NFUs to now packaged matrix-sydent
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -167209,13 +167209,17 @@ CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin f
CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...)
NOT-FOR-US: wagtail
CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...)
- NOT-FOR-US: Matrix Sydent
+ - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553
CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...)
- NOT-FOR-US: Matrix Sydent
+ - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...)
- NOT-FOR-US: Matrix Sydent
+ - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-9jhm-8m8c-c3f4
CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...)
- NOT-FOR-US: Matrix Sydent
+ - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9
CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
- gradle <unfixed> (bug #987284)
[bookworm] - gradle <ignored> (Minor issue)
@@ -297953,7 +297957,7 @@ CVE-2019-11342
CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
NOT-FOR-US: Samsung
CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...)
- NOT-FOR-US: Matrix Sydent
+ - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
- ffmpeg 7:4.1.3-1
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29b52322e61d3cc3c0eb908ddf717f41cebe39b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29b52322e61d3cc3c0eb908ddf717f41cebe39b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230805/6c153f4a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list