[Git][security-tracker-team/security-tracker][master] linux n/a

Moritz Muehlenhoff jmm at debian.org
Tue Mar 2 14:26:59 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
196496f6 by Moritz Muehlenhoff at 2021-03-02T15:26:26+01:00
linux n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -206,7 +206,7 @@ CVE-2021-27806
 CVE-2021-27805
 	RESERVED
 CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...)
-	TODO: check
+	- jpeg-xl <itp> (bug #948862)
 CVE-2021-27802
 	RESERVED
 CVE-2021-27801
@@ -3704,7 +3704,7 @@ CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield
 CVE-2021-26275
 	RESERVED
 CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-36239
 	RESERVED
 CVE-2020-36238
@@ -13304,7 +13304,8 @@ CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1
 CVE-2021-21975
 	RESERVED
 CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...)
-	TODO: check
+	NOT-FOR-US: VMware
+	NOTE: Might affect src:openslp-dfsg, but removed years ago
 CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...)
 	NOT-FOR-US: VMware
 CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
@@ -27478,22 +27479,22 @@ CVE-2021-0408
 CVE-2021-0407
 	RESERVED
 CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0400
 	RESERVED
 CVE-2021-0399
 	RESERVED
-	- linux <undetermined>
+	- linux <not-affected> (Android-specific xt_qtaguid code)
 	NOTE: https://source.android.com/security/bulletin/2021-03-01
 CVE-2021-0398
 	RESERVED
@@ -27558,9 +27559,9 @@ CVE-2021-0369
 CVE-2021-0368
 	RESERVED
 CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use  ...)
 	NOT-FOR-US: Mediatek components for Android
 CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/196496f6f05442ec470390e75cc73eb733ef0bf5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/196496f6f05442ec470390e75cc73eb733ef0bf5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210302/4bee99f4/attachment.htm>


More information about the debian-security-tracker-commits mailing list