[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2021-27379/xen
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 18 20:29:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3d41057 by Salvatore Bonaccorso at 2021-02-18T21:19:13+01:00
Add CVE-2021-27379/xen
- - - - -
7f652621 by Salvatore Bonaccorso at 2021-02-18T21:22:09+01:00
CVE-2021-26933: Update end-of-life entry
As the referenced commit leads to a 404 on gitlab.com. This is in sync
with previous markings as well.
- - - - -
a8771e09 by Salvatore Bonaccorso at 2021-02-18T21:28:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,8 @@ CVE-2021-27381
CVE-2021-27380
RESERVED
CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...)
- TODO: check
+ - xen <unfixed>
+ NOTE: https://xenbits.xen.org/xsa/advisory-366.html
CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...)
- rust-rand-core <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
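Review bot: The new `- xen <unfixed>` line for CVE-2021-27379 has no per-suite annotation, even though the description limits the issue to "Xen through 4.11.x" and the CVE-2021-26933 entry further down this file carries `[stretch] - xen <end-of-life>`. If stretch is in the same position for this issue, add the matching `[stretch]` line here. It would also help to add a NOTE recording the affected upstream range from XSA-366, so that suites shipping a newer Xen are not left flagged by the blanket `<unfixed>`.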
@@ -134,7 +135,7 @@ CVE-2021-27337
CVE-2021-27336
RESERVED
CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java deserializatio ...)
- TODO: check
+ NOT-FOR-US: KollectApps
CVE-2021-27334
RESERVED
CVE-2021-27333
@@ -146,7 +147,7 @@ CVE-2021-27331
CVE-2021-27330
RESERVED
CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
- TODO: check
+ NOT-FOR-US: Friendica
CVE-2021-27328
RESERVED
CVE-2021-27327
@@ -995,7 +996,7 @@ CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16
NOTE: update SUPPORT.md to explicitly document the fact.
CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...)
- xen <unfixed>
- [stretch] - xen <end-of-life> (not supported; see https://gitlab.com/freexian-lts/debian-lts/-/commit/1b701a243a893d6cce6e59778b525407d560ab91)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-364.html
CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
- linux <unfixed>
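Review bot: The replacement annotation `(DSA 4602-1)` on the `[stretch]` line drops the words "not supported" along with the dead gitlab.com link, so the reason for the `<end-of-life>` marking can no longer be read from the entry itself. Swapping only the reference, for example `(not supported; see DSA 4602-1)`, would keep the rationale while still removing the 404 URL. If the bare DSA form is the convention the commit message refers to as "previous markings", it is fine as is.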
@@ -1058,7 +1059,7 @@ CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows una
CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
NOT-FOR-US: NetMotion Mobility
CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
- TODO: check
+ NOT-FOR-US: Canary Mail
CVE-2021-26909
RESERVED
CVE-2021-26908
@@ -2596,7 +2597,7 @@ CVE-2020-36235 (Affected versions of Atlassian Jira Server and Data Center allow
CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-36232
RESERVED
CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -3102,7 +3103,7 @@ CVE-2021-26070
CVE-2021-26069
RESERVED
CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...)
NOT-FOR-US: Atlassian
CVE-2021-26066
@@ -15380,7 +15381,7 @@ CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=
CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI before ...)
NOT-FOR-US: Nagios XI
CVE-2020-35577 (In Endalia Selection Portal before 4.205.0, an Insecure Direct Object ...)
- TODO: check
+ NOT-FOR-US: Endalia Selection Portal
CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link TL-WR84 ...)
NOT-FOR-US: TP-Link
CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...)
@@ -21270,7 +21271,7 @@ CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid a
CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-29453 (The CachingResourceDownloadRewriteRule class in Jira Server and Jira D ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-29452
RESERVED
CVE-2020-29451 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -21280,7 +21281,7 @@ CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data Center
CVE-2020-29449
RESERVED
CVE-2020-29448 (The ConfluenceResourceDownloadRewriteRule class in Confluence Server a ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers to impa ...)
NOT-FOR-US: Atlassian
CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6bb94e7cc19858d4206ec6ac826fff95c76a3ca...a8771e097369549ff415a97ef3d757c36b4c0142