[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 21 21:20:15 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32052e3f by Salvatore Bonaccorso at 2021-05-21T22:19:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1829,7 +1829,7 @@ CVE-2021-32636
 CVE-2021-32635
 	RESERVED
 CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
-	TODO: check
+	NOT-FOR-US: NSA Emissary
 CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior  ...)
 	TODO: check
 CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
@@ -3147,7 +3147,7 @@ CVE-2021-32034
 CVE-2021-32033
 	RESERVED
 CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated  ...)
-	TODO: check
+	NOT-FOR-US: Trusted Firmware-M
 CVE-2021-32031
 	RESERVED
 CVE-2020-36362
@@ -4674,9 +4674,9 @@ CVE-2021-31477
 CVE-2021-31476
 	RESERVED
 CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -4746,7 +4746,7 @@ CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...)
 	TODO: check
 CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -9573,7 +9573,7 @@ CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2.
 CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...)
 	TODO: check
 CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...)
-	TODO: check
+	NOT-FOR-US: STMicroelectronics STM32L4 devices
 CVE-2021-29413
 	RESERVED
 CVE-2021-29412
@@ -13368,7 +13368,7 @@ CVE-2021-27813
 CVE-2021-27812
 	RESERVED
 CVE-2021-27811 (A code injection vulnerability has been discovered in the Upgrade func ...)
-	TODO: check
+	NOT-FOR-US: QibosoftX1
 CVE-2021-27810
 	RESERVED
 CVE-2021-27809
@@ -25933,7 +25933,7 @@ CVE-2021-22411
 CVE-2021-22410
 	RESERVED
 CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22408
 	RESERVED
 CVE-2021-22407
@@ -26073,7 +26073,7 @@ CVE-2021-22341
 CVE-2021-22340
 	RESERVED
 CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-22338
 	RESERVED
 CVE-2021-22337
@@ -45266,15 +45266,15 @@ CVE-2020-27214
 CVE-2020-27213
 	RESERVED
 CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect a ...)
-	TODO: check
+	NOT-FOR-US: STMicroelectronics STM32L4 devices
 CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper ...)
-	TODO: check
+	NOT-FOR-US: Nordic Semiconductor nRF52840 devices
 CVE-2020-27210
 	RESERVED
 CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simp ...)
 	TODO: check
 CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced during the d ...)
-	TODO: check
+	NOT-FOR-US: SoloKeys Solo
 CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
 	NOT-FOR-US: Zetetic SQLCipher
 CVE-2020-27206
@@ -53362,7 +53362,7 @@ CVE-2020-23770
 CVE-2020-23769
 	RESERVED
 CVE-2020-23768 (An information disclosure vulnerability was discovered in alipay_funct ...)
-	TODO: check
+	NOT-FOR-US: Alibaba payment interface on PHPPYUN
 CVE-2020-23767
 	RESERVED
 CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on htmly v2.7. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32052e3f5c3c0484e25a17aeebb55f5c9f6c797a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32052e3f5c3c0484e25a17aeebb55f5c9f6c797a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210521/50b208e4/attachment.htm>

More information about the debian-security-tracker-commits mailing list