Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dcd71852 by Moritz Muehlenhoff at 2021-02-11T10:53:03+01:00
new ruby-carrierwave, helm-kubernetes, node-marked issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14212,13 +14212,18 @@ CVE-2021-21308
CVE-2021-21307
RESERVED
CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm
package "ma ...)
- TODO: check
+ - node-marked <unfixed>
+ NOTE:
https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
+ NOTE:
https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
+ TODO: might not affect <= 0.8, needs to be verified
CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple
and flex ...)
- TODO: check
+ - ruby-carrierwave <unfixed>
+ NOTE:
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
+ NOTE:
https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7
CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's
DynamoDB. In Dy ...)
- TODO: check
+ NOT-FOR-US: Dynamoose
CVE-2021-21303 (Helm is open-source software which is essentially "The
Kubernetes Pack ...)
- TODO: check
+ - helm-kubernetes <itp> (bug #910799)
CVE-2021-21302
RESERVED
CVE-2021-21301
@@ -14230,17 +14235,17 @@ CVE-2021-21298
CVE-2021-21297
RESERVED
CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before
version 3.7.0 ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2021-21295
RESERVED
CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala
interface f ...)
- TODO: check
+ NOT-FOR-US: Http4s
CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines,
with a f ...)
- TODO: check
+ NOT-FOR-US: blaez
CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar
before versi ...)
NOT-FOR-US: Traccar
CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file
server th ...)
- TODO: check
+ NOT-FOR-US: OAuth2 Proxy
CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network
application ...)
- netty <unfixed>
NOTE:
https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
@@ -14255,7 +14260,9 @@ CVE-2021-21289 (Mechanize is an open-source ruby
library that makes automated we
NOTE:
https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c
(v2.7.7)
NOTE: Test warnings fixup:
https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093
(v2.7.7)
CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple
and flex ...)
- TODO: check
+ - ruby-carrierwave <unfixed>
+ NOTE:
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
+ NOTE:
https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0
CVE-2021-21287 (MinIO is a High Performance Object Storage released under
Apache Licen ...)
- minio <itp> (bug #859207)
CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It
is simi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd71852295bc7b8d53fa9bfed2654d6612d4868
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd71852295bc7b8d53fa9bfed2654d6612d4868
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
