[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 29 21:16:57 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45bf3b22 by Salvatore Bonaccorso at 2022-08-29T22:15:24+02:00
Process some NFUs
Those are from INTEL-SA-00621 but affecting either Windows systems or
UEFI firmware.
Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
- - - - -
c3b90729 by Salvatore Bonaccorso at 2022-08-29T22:15:26+02:00
Add firmware-nonfree CVEs from INTEL-SA-00621
Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53581,7 +53581,10 @@ CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.300
CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
NOT-FOR-US: Adobe
CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
- TODO: check
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
+ NOTE: Fixed upstream in 20220815
+ TODO: double-check
CVE-2021-44457
RESERVED
CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
@@ -53593,11 +53596,14 @@ CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerou
CVE-2021-26946
RESERVED
CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...)
- TODO: check
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
+ NOTE: Fixed upstream in 20220815
+ TODO: double-check
CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
NOT-FOR-US: Intel
CVE-2021-23145
@@ -54540,23 +54546,23 @@ CVE-2021-44478 (A vulnerability has been identified in Polarion ALM (All version
CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
NOT-FOR-US: McAfee
CVE-2022-21240 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21237 (Improper buffer access in firmware for some Intel(R) NUCs may allow a ...)
NOT-FOR-US: Intel
CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
NOT-FOR-US: Intel
CVE-2022-21212 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21197 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21172 (Out of bounds write for some Intel(R) PROSet/Wireless WiFi products ma ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21160 (Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi pr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21140 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21139 (Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
NOT-FOR-US: Intel
CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...)
@@ -54568,7 +54574,10 @@ CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() fu
CVE-2021-4036
RESERVED
CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
- TODO: check
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
+ NOTE: Fixed upstream in 20220815
+ TODO: double-check
CVE-2021-37405
RESERVED
CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...)
@@ -54582,7 +54591,10 @@ CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wirel
CVE-2021-26251
RESERVED
CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...)
- TODO: check
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
+ NOTE: Fixed upstream in 20220815
+ TODO: double-check
CVE-2021-23179 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...)
NOT-FOR-US: Intel
CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
@@ -58244,7 +58256,10 @@ CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Bui
CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
NOT-FOR-US: Intel
CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
- TODO: check
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
+ NOTE: Fixed upstream in 20220815
+ TODO: double-check
CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow an au ...)
NOT-FOR-US: Intel
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bc69ffc860127a557f636b2c4fa58e31d0e738d5...c3b90729273d5fd121f236bc2380cf9658e8c5df
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bc69ffc860127a557f636b2c4fa58e31d0e738d5...c3b90729273d5fd121f236bc2380cf9658e8c5df
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220829/00e4e56c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list