From 286369ee674276e0fd3de085ee5a096ca21af9c1 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 16 Nov 2021 14:49:00 +0100 Subject: NFUS resolve TODO for older golang versions --- data/CVE/2021.list | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 36cc987f19..0a64f53449 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -5737,19 +5737,19 @@ CVE-2021-41271 (Discourse is a platform for community discussion. In affected ve CVE-2021-41270 RESERVED CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...) - TODO: check + NOT-FOR-US: cron-utils Java library CVE-2021-41268 RESERVED CVE-2021-41267 RESERVED CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...) - TODO: check + NOT-FOR-US: Minio console CVE-2021-41265 RESERVED CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...) - TODO: check + NOT-FOR-US: rails_multisite CVE-2021-41262 RESERVED CVE-2021-41261 @@ -10629,7 +10629,7 @@ CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) NOT-FOR-US: Nextcloud Richdocuments CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) - TODO: check + - nextcloud-server (bug #941708) CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) NOT-FOR-US: Nextcloud Contacts CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) @@ -12824,10 +12824,13 @@ CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to bl CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...) - golang-1.17 1.17.2-1 - golang-1.16 1.16.9-1 + - golang-1.11 + [buster] - golang-1.11 (Minor issue) + - golang-1.8 (Vulnerable code not present) + - golang-1.7 (Vulnerable code not present) NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4 NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A NOTE: https://github.com/golang/go/issues/48797 - TODO: check older branches CVE-2021-38296 RESERVED CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...) -- cgit v1.2.3