[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Thu Feb 3 11:00:09 GMT 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce5b21c8 by Neil Williams at 2022-02-03T10:59:51+00:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16211,7 +16211,7 @@ CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds wit
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
CVE-2021-43615 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-43614
RESERVED
CVE-2021-43613
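Review bot: The `NOT-FOR-US: Insyde` line for CVE-2021-43615 cannot be checked against the entry itself, because the visible description ("SMM callout vulnerability allowing a possible attacker to hijack execu ...") names no vendor or product. Other entries in this file carry `NOTE:` lines with a reference URL; a reference for the Insyde attribution, either here or in the commit message, would let a later reader confirm the triage without looking the CVE up again.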
@@ -16583,7 +16583,7 @@ CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of spe
NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1
NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174
CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...)
- accountsservice <not-affected> (Ubuntu specific patch)
NOTE: https://ubuntu.com/security/CVE-2021-3939
@@ -17090,7 +17090,7 @@ CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a te
CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
NOT-FOR-US: LibreNMS
CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-43322
RESERVED
CVE-2021-43321
@@ -19903,7 +19903,7 @@ CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive e
CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
NOT-FOR-US: Pexip Infinity
CVE-2021-42554 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-3892
REJECTED
CVE-2021-26247 (As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ...)
@@ -22165,7 +22165,7 @@ CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnera
NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
CVE-2021-42113 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
- limesurvey <itp> (bug #472802)
CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
@@ -22326,9 +22326,9 @@ CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zu
- zulip-server <itp> (bug #800052)
NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
CVE-2021-42060 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-42059 (Stack overflow vulnerability that allows a local root user to access U ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-42058
RESERVED
CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
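Review bot: Both entries changed in this hunk, CVE-2021-42060 and CVE-2021-42059, receive the same Insyde tag although neither truncated description names Insyde, and CVE-2021-42059 reads as a different bug class (a stack overflow reachable by a local root user) from the SMM callout above it. The commit message "Process some NFUs" does not record where the attribution came from; one line naming the source used for this batch would document it.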
@@ -42891,11 +42891,11 @@ CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when build
CVE-2021-33628
RESERVED
CVE-2021-33627 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
NOT-FOR-US: Insyde
CVE-2021-33625 (An issue was discovered in Kernel 5.x (starting from 5.1) in Insyde In ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
{DLA-2785-1}
- linux 5.10.46-1
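Review bot: For CVE-2021-33625 the description opens with "An issue was discovered in Kernel 5.x (starting from 5.1) in Insyde In ...", and the entry sits directly above CVE-2021-33624, which is a Linux kernel issue tracked against `linux`, so "Kernel 5.x" is easy to misread when scanning the list. The tag as written matches the existing CVE-2021-33626 line, but spelling out the product, as the description does with InsydeH2O, would make it obvious that this is the firmware kernel and not the `linux` package. CVE-2021-33627 in the same hunk has no vendor in its visible description at all, so the same wording would help there.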
@@ -144094,7 +144094,7 @@ CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O
CVE-2020-5954
RESERVED
CVE-2020-5953 (A vulnerability exists in System Management Interrupt (SWSMI) handler ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2020-5952
RESERVED
CVE-2020-5951
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce5b21c8e3e46da28d2a42a852b465fbeec4d056