author | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-01 09:35:51 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-11-01 09:35:51 +0100 |
commit | ee366e83ac7160626a4f78878d1d434cf393a6c7 | |
tree | 351c814f53dd1e691ad8e0b758790062867a8489 | |
parent | 41da8e32a0bd94e16386c2eb94ac3827c0cea3ce | |
NFUs
remove TODO for libstd, codebases which embed it not security relevant
-rw-r--r-- | data/CVE/2020.list | 2 |
-rw-r--r-- | data/CVE/2021.list | 24 |
2 files changed, 11 insertions, 15 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 439bd856f1..58090cfb5f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -57633,8 +57633,6 @@ CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb <unfixed> (unimportant; bug #949555) - [bullseye] - libstb <no-dsa> (Minor issue) - [buster] - libstb <no-dsa> (Minor issue) NOTE: https://github.com/nothings/stb/issues/866 NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index d54140df2a..32a1556643 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -983,16 +983,14 @@ CVE-2021-3894 CVE-2021-42717 RESERVED CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...) - - libstb <undetermined> + - libstb <unfixed> NOTE: https://github.com/nothings/stb/issues/1166 NOTE: https://github.com/nothings/stb/issues/1225 NOTE: https://github.com/nothings/stb/pull/1223 - TODO: check libstb itself, and various packages embedd a copy CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...) - - libstb <undetermined> + - libstb <unfixed> NOTE: https://github.com/nothings/stb/issues/1224 NOTE: https://github.com/nothings/stb/pull/1223 - TODO: check libstb itself, and various packages embedd a copy CVE-2021-42714 RESERVED CVE-2021-42713 @@ -1034,7 +1032,7 @@ CVE-2021-42696 CVE-2021-42695 RESERVED CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...) - TODO: check + NOT-FOR-US: Unicode spec CVE-2021-42693 RESERVED CVE-2021-42692 
@@ -4124,7 +4122,7 @@ CVE-2021-3813 CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) NOT-FOR-US: NETGEAR CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2021-41312 RESERVED CVE-2021-41311 @@ -4394,7 +4392,7 @@ CVE-2021-41196 CVE-2021-41195 RESERVED CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...) - TODO: check + NOT-FOR-US: FirstUseAuthenticator for JupyterHub CVE-2021-41193 RESERVED CVE-2021-41192 @@ -4453,9 +4451,9 @@ CVE-2021-41170 CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...) NOT-FOR-US: Sulu CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...) - TODO: check + NOT-FOR-US: Snudown CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...) - TODO: check + NOT-FOR-US: modern-async CVE-2021-41166 RESERVED CVE-2021-41165 @@ -4501,9 +4499,9 @@ CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learni CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...) NOT-FOR-US: Backstage CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...) - TODO: check + NOT-FOR-US: Tough CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...) - TODO: check + NOT-FOR-US: Tough CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) NOT-FOR-US: Tuleap CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) 
@@ -11050,7 +11048,7 @@ CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 s NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04] CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...) - TODO: check + NOT-FOR-US: CFEngine Enterprise CVE-2021-38378 RESERVED CVE-2021-38377 @@ -14866,7 +14864,7 @@ CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks CVE-2021-36757 RESERVED CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...) - TODO: check + NOT-FOR-US: CFEngine Enterprise CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...) NOT-FOR-US: Nightscout Web Monitor CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...) |
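Review bot: The commit message does not cover the change in data/CVE/2020.list, where the `[bullseye] - libstb <no-dsa> (Minor issue)` and `[buster] - libstb <no-dsa> (Minor issue)` lines under CVE-2020-6618 are dropped. The remaining `- libstb <unfixed> (unimportant; bug #949555)` line already records the severity for every suite, so the removal reads as a cleanup of redundant per-release tags, but the message only mentions NFUs and the TODO removal. Add a line to the message saying the per-release no-dsa tags were removed because the entry is already marked unimportant, so the change is not mistaken for an accidental deletion.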
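Review bot: The reason for dropping `TODO: check libstb itself, and various packages embedd a copy` under CVE-2021-42716 and CVE-2021-42715 in data/CVE/2021.list is recorded only in the commit message (which spells the package "libstd"), not in the entries themselves. Add a NOTE line to both entries stating that embedded copies were judged not security relevant, so the decision stays visible in the tracker data. The new `- libstb <unfixed>` lines also carry no qualifier or bug number, while the CVE-2020-6618 entry in 2020.list reads `- libstb <unfixed> (unimportant; bug #949555)`; confirm whether these stb_image.h entries are meant to stay at default severity or should get a qualifier and a bug reference as well.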
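Review bot: `NOT-FOR-US: Unicode spec` on CVE-2021-42694 in data/CVE/2021.list tags a specification rather than a software product, unlike the other NOT-FOR-US entries added in this patch (Snudown, modern-async, Tough, CFEngine Enterprise). The description says the issue is in the character definitions of the Unicode specification, so the tag leaves open whether packaged software that implements those definitions was considered. Add a NOTE line giving the reasoning for not tracking any package against this CVE, so the triage decision can be reviewed later.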