[Git][security-tracker-team/security-tracker][master] Re-associate some older NFUs to now packaged matrix-sydent

Salvatore Bonaccorso (@carnil) Fri, 04 Aug 2023 23:04:19 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b29b5232 by Salvatore Bonaccorso at 2023-08-05T08:03:28+02:00
Re-associate some older NFUs to now packaged matrix-sydent

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -167209,13 +167209,17 @@ CVE-2021-29435 (trestle-auth is an authentication 
plugin for the Trestle admin f
 CVE-2021-29434 (Wagtail is a Django content management system. In affected 
versions of ...)
        NOT-FOR-US: wagtail
 CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent 
versions 2.2.0 ...)
-       NOT-FOR-US: Matrix Sydent
+       - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553
 CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user 
could a ...)
-       NOT-FOR-US: Matrix Sydent
+       - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx
 CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be 
induced to ...)
-       NOT-FOR-US: Matrix Sydent
+       - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/matrix-org/sydent/security/advisories/GHSA-9jhm-8m8c-c3f4
 CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not 
limit th ...)
-       NOT-FOR-US: Matrix Sydent
+       - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9
 CVE-2021-29429 (In Gradle before version 7.0, files created with open 
permissions in t ...)
        - gradle <unfixed> (bug #987284)
        [bookworm] - gradle <ignored> (Minor issue)
@@ -297953,7 +297957,7 @@ CVE-2019-11342
 CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical 
access can ...)
        NOT-FOR-US: Samsung
 CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles 
registrati ...)
-       NOT-FOR-US: Matrix Sydent
+       - matrix-sydent <not-affected> (Fixed before initial upload to Debian)
 CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in 
FFmpeg 4.0 ...)
        - ffmpeg 7:4.1.3-1
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29b52322e61d3cc3c0eb908ddf717f41cebe39b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b29b52322e61d3cc3c0eb908ddf717f41cebe39b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Re-associate some older NFUs to now packaged matrix-sydent

Reply via email to