[Git][security-tracker-team/security-tracker][master] add details for gnome-shell issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Dec 9 14:39:14 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b805a21 by Moritz Muehlenhoff at 2021-12-09T15:38:43+01:00
add details for gnome-shell issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -576,7 +576,7 @@ CVE-2021-43353
 CVE-2021-41836
 	RESERVED
 CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-44539
@@ -1647,7 +1647,7 @@ CVE-2021-44151
 CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
 	NOT-FOR-US: tusdotnet
 CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through  ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
 	NOT-FOR-US: GL.iNet
 CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
@@ -1942,7 +1942,9 @@ CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to
 	RESERVED
 	- gnome-shell <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
-	TODO: recheck classification when RH provides more information
+	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
+	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
+	TODO: check whether Debian's gnome-shell package uses CAP_SYS_NICE
 CVE-2021-3981
 	RESERVED
 CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
@@ -2115,7 +2117,7 @@ CVE-2021-43965
 CVE-2021-43964
 	RESERVED
 CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Sync Gateway
 CVE-2021-43962
 	RESERVED
 CVE-2021-43961



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b805a215aebc30190b801200ea5a7bb1446308b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b805a215aebc30190b801200ea5a7bb1446308b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211209/e175bed5/attachment.htm>

More information about the debian-security-tracker-commits mailing list