Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: dcd71852 by Moritz Muehlenhoff at 2021-02-11T10:53:03+01:00 new ruby-carrierwave, helm-kubernetes, node-marked issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -14212,13 +14212,18 @@ CVE-2021-21308 CVE-2021-21307 RESERVED CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...) - TODO: check + - node-marked <unfixed> + NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 + NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd + TODO: might not affect <= 0.8, needs to be verified CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - TODO: check + - ruby-carrierwave <unfixed> + NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4 + NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7 CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...) - TODO: check + NOT-FOR-US: Dynamoose CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...) - TODO: check + - helm-kubernetes <itp> (bug #910799) CVE-2021-21302 RESERVED CVE-2021-21301 @@ -14230,17 +14235,17 @@ CVE-2021-21298 CVE-2021-21297 RESERVED CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...) - TODO: check + NOT-FOR-US: Fleet CVE-2021-21295 RESERVED CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...) - TODO: check + NOT-FOR-US: Http4s CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...) - TODO: check + NOT-FOR-US: blaez CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...) NOT-FOR-US: Traccar CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...) - TODO: check + NOT-FOR-US: OAuth2 Proxy CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...) - netty <unfixed> NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 @@ -14255,7 +14260,9 @@ CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated we NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7) NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7) CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) - TODO: check + - ruby-carrierwave <unfixed> + NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5 + NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0 CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...) - minio <itp> (bug #859207) CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd71852295bc7b8d53fa9bfed2654d6612d4868 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd71852295bc7b8d53fa9bfed2654d6612d4868 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits