[Git][security-tracker-team/security-tracker][master] new chromium issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 24 10:23:25 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a684ae4 by Moritz Muehlenhoff at 2021-11-24T11:22:45+01:00
new chromium issue
NFUs
resolve some TODOs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18100,7 +18100,8 @@ CVE-2021-38006
 CVE-2021-38005
 	RESERVED
 CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to  ...)
-	TODO: check
+	- chromium <unfixed>
+	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -43370,9 +43371,9 @@ CVE-2021-27838
 CVE-2021-27837
 	RESERVED
 CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in  ...)
-	- r-cran-readxl <undetermined>
+	- r-cran-readxl <unfixed> (unimportant)
 	NOTE: https://github.com/libxls/libxls/issues/94
-	TODO: check
+	NOTE: Negligible security impact
 CVE-2021-27835
 	RESERVED
 CVE-2021-27834
@@ -46916,7 +46917,6 @@ CVE-2021-26314 (Potential floating point value injection in all supported CPU pr
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
 	NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
 	NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
-	TODO: check
 CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...)
 	{DSA-4931-1}
 	- xen 4.14.2+25-gb6a8c4f72d-1
@@ -47855,7 +47855,7 @@ CVE-2021-25988
 CVE-2021-25987
 	RESERVED
 CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: Django-wiki
 CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...)
 	NOT-FOR-US: Factor (App Framework & Headless CMS)
 CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...)
@@ -53891,7 +53891,7 @@ CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confu
 	NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
 	NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
 CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...)
-	TODO: check
+	NOT-FOR-US: Node algoliasearch-helper
 CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
 	NOT-FOR-US: Node mootools
 CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...)
@@ -57082,7 +57082,7 @@ CVE-2021-22055
 CVE-2021-22054
 	RESERVED
 CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
-	TODO: check
+	NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
 CVE-2021-22052
 	RESERVED
 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
@@ -57128,11 +57128,11 @@ CVE-2021-22032
 CVE-2021-22031
 	RESERVED
 CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...)
-	TODO: check
+	NOT-FOR-US: Greenplum
 CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...)
 	NOT-FOR-US: VMware
 CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...)
-	TODO: check
+	NOT-FOR-US: Greenplum
 CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
 	NOT-FOR-US: VMware
 CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a684ae47475bbf7827b1e5643d97d570d96bff5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a684ae47475bbf7827b1e5643d97d570d96bff5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211124/1207692f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list