[Git][security-tracker-team/security-tracker][master] one xen issue n/a for bullseye

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a67ea1a by Moritz Muehlenhoff at 2021-06-14T19:25:55+02:00
one xen issue n/a for bullseye
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14177,6 +14177,7 @@ CVE-2021-28694
 CVE-2021-28693 [xen/arm: Boot modules are not scrubbed]
 	RESERVED
 	- xen <unfixed>
+	[buster] - xen <not-affected> (Only affects 4.12 and later)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-372.html
 CVE-2021-28692 [inappropriate x86 IOMMU timeout detection / handling]
@@ -28742,11 +28743,11 @@ CVE-2021-22552
 CVE-2021-22551
 	RESERVED
 CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
-	TODO: check
+	NOT-FOR-US: Asylo
 CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...)
-	TODO: check
+	NOT-FOR-US: Asylo
 CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...)
-	TODO: check
+	NOT-FOR-US: Asylo
 CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
 	NOT-FOR-US: Google Cloud IoT Device SDK
 CVE-2021-22546
@@ -29407,23 +29408,23 @@ CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5
 	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
 CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
 	- ntpsec <unfixed>
 	NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a67ea1a837f346055ff693562ea3be36a419f89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a67ea1a837f346055ff693562ea3be36a419f89
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210614/db1b4f32/attachment.htm>