[Git][security-tracker-team/security-tracker][master] NFUs

Thu, 22 Apr 2021 01:55:31 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
caccc624 by Moritz Muehlenhoff at 2021-04-22T10:54:27+02:00
NFUs
commit ref for sidekiq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3030,6 +3030,7 @@ CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 
6.2.0 allows XSS via the q
        - ruby-sidekiq <unfixed>
        [stretch] - ruby-sidekiq <no-dsa> (Minor issue)
        NOTE: https://github.com/mperham/sidekiq/issues/4852
+       NOTE: 
https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
 CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
        NOT-FOR-US: Composr
 CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
@@ -4565,7 +4566,7 @@ CVE-2021-29462 (The Portable SDK for UPnP Devices is an 
SDK for development of U
        NOTE: 
https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
 CVE-2021-29461 (### Impact - This issue could be exploited to read internal 
files from ...)
-       TODO: check
+       NOT-FOR-US: Discord-Recon
 CVE-2021-29460
        RESERVED
 CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
@@ -7480,7 +7481,7 @@ CVE-2021-28169
 CVE-2021-28168
        RESERVED
 CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the 
jdk.internal.reflect ...)
-       TODO: check
+       NOT-FOR-US: Eclipse OpenJ9
 CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an 
authenticated clien ...)
        - mosquitto 2.0.10-1 (bug #986701)
        [buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
@@ -22907,9 +22908,9 @@ CVE-2020-36122
 CVE-2020-36121
        RESERVED
 CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function 
of Libsix ...)
-       - libsixel <undetermined>
+       - libsixel <unfixed>
+       [buster] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/143
-       TODO: check details
 CVE-2020-36119
        RESERVED
 CVE-2020-36118



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caccc6243e3cac19fa92cb47acd61225f79cb214

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caccc6243e3cac19fa92cb47acd61225f79cb214
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to