[Git][security-tracker-team/security-tracker][master] one xen issue n/a for bullseye
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 14 18:28:58 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a67ea1a by Moritz Muehlenhoff at 2021-06-14T19:25:55+02:00
one xen issue n/a for bullseye
new gitlab issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14177,6 +14177,7 @@ CVE-2021-28694
CVE-2021-28693 [xen/arm: Boot modules are not scrubbed]
RESERVED
- xen <unfixed>
+ [buster] - xen <not-affected> (Only affects 4.12 and later)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-372.html
CVE-2021-28692 [inappropriate x86 IOMMU timeout detection / handling]
@@ -28742,11 +28743,11 @@ CVE-2021-22552
CVE-2021-22551
RESERVED
CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
- TODO: check
+ NOT-FOR-US: Asylo
CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...)
- TODO: check
+ NOT-FOR-US: Asylo
CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...)
- TODO: check
+ NOT-FOR-US: Asylo
CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
NOT-FOR-US: Google Cloud IoT Device SDK
CVE-2021-22546
@@ -29407,23 +29408,23 @@ CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5
NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
- ntpsec <unfixed>
NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a67ea1a837f346055ff693562ea3be36a419f89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a67ea1a837f346055ff693562ea3be36a419f89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210614/db1b4f32/attachment.htm>
More information about the debian-security-tracker-commits
mailing list