[Git][security-tracker-team/security-tracker][master] Re-associate some older NFUs to now packaged matrix-sydent

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 5 07:04:05 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b29b5232 by Salvatore Bonaccorso at 2023-08-05T08:03:28+02:00
Re-associate some older NFUs to now packaged matrix-sydent

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -167209,13 +167209,17 @@ CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin f
 CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...)
 	NOT-FOR-US: wagtail
 CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...)
-	NOT-FOR-US: Matrix Sydent
+	- matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553
 CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...)
-	NOT-FOR-US: Matrix Sydent
+	- matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
 CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...)
-	NOT-FOR-US: Matrix Sydent
+	- matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-9jhm-8m8c-c3f4
 CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...)
-	NOT-FOR-US: Matrix Sydent
+	- matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9
 CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
 	- gradle <unfixed> (bug #987284)
 	[bookworm] - gradle <ignored> (Minor issue)
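Review bot: On the four Sydent entries (CVE-2021-29430 through CVE-2021-29433), the status `- matrix-sydent <not-affected> (Fixed before initial upload to Debian)` cannot be checked from the entry itself, because neither the upstream release carrying the fix nor the first matrix-sydent version uploaded to Debian is recorded. The added NOTE lines point only at the upstream advisory. Consider adding one more NOTE per entry naming the fixing upstream release or commit, so a later reader can confirm the status without opening each advisory.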
@@ -297953,7 +297957,7 @@ CVE-2019-11342
 CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
 	NOT-FOR-US: Samsung
 CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...)
-	NOT-FOR-US: Matrix Sydent
+	- matrix-sydent <not-affected> (Fixed before initial upload to Debian)
 CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
 	- ffmpeg 7:4.1.3-1
 	[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
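Review bot: The CVE-2019-11340 entry receives the `<not-affected> (Fixed before initial upload to Debian)` line with no accompanying NOTE, unlike the CVE-2021 Sydent entries changed in the same commit, which each gain an upstream advisory reference. The description already names util/emailutils.py and "before 1.0.2", so a NOTE pointing at the upstream fix or release would keep the entries consistent and make the status verifiable from the list.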



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29b52322e61d3cc3c0eb908ddf717f41cebe39b
