[Git][security-tracker-team/security-tracker][master] Associate some NFUs with barebox itp'ed entry

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 21 11:31:31 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc9cd7b5 by Salvatore Bonaccorso at 2026-03-21T12:30:58+01:00
Associate some NFUs with barebox itp'ed entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -431372,9 +431372,9 @@ CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and busin
 CVE-2021-37849
 	RESERVED
 CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...)
-	NOT-FOR-US: Pengutronix Barebox
+	- barebox <itp> (bug #900958)
 CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing  ...)
-	NOT-FOR-US: Pengutronix Barebox
+	- barebox <itp> (bug #900958)
 CVE-2021-37846
 	RESERVED
 CVE-2021-37845 (An issue was discovered in Citadel through webcit-932. A meddler-in-th ...)
@@ -521750,7 +521750,7 @@ CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local
 CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
 	NOT-FOR-US: Your Online Shop
 CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...)
-	NOT-FOR-US: Pengutronix Barebox
+	- barebox <itp> (bug #900958)
 CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...)
 	NOT-FOR-US: Laravel Ignition component
 CVE-2020-13908
@@ -568907,9 +568907,9 @@ CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-ze
 	NOTE: https://github.com/OpenCV/opencv/issues/15287
 	NOTE: https://github.com/opencv/opencv/pull/15382
 CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
-	NOT-FOR-US: Pengutronix barebox
+	- barebox <itp> (bug #900958)
 CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
-	NOT-FOR-US: Pengutronix barebox
+	- barebox <itp> (bug #900958)
 CVE-2019-15936 (Intesync Solismed 3.3sp allows Insecure File Upload.)
 	NOT-FOR-US: Intesync Solismed
 CVE-2019-15935 (Intesync Solismed 3.3sp has XSS.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc9cd7b5add584d081096e553a538bdd86350aa9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc9cd7b5add584d081096e553a538bdd86350aa9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/09ff1378/attachment.htm>

More information about the debian-security-tracker-commits mailing list