[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Tue Jan 25 10:54:11 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f2078e7 by Neil Williams at 2022-01-25T10:53:43+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6738,7 +6738,7 @@ CVE-2021-4173 (vim is vulnerable to Use After Free ...)
 	NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
 CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
-	TODO: check
+	NOT-FOR-US: showdoc
 CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
 	NOT-FOR-US: calibre-web
 CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
@@ -10070,7 +10070,7 @@ CVE-2021-23148
 CVE-2021-44759
 	RESERVED
 CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
-	TODO: check
+	NOT-FOR-US: mcafee
 CVE-2021-4087
 	RESERVED
 CVE-2021-4086
@@ -68848,7 +68848,8 @@ CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled diffe
 CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead  ...)
 	TODO: check
 CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
-	TODO: check
+	NOT-FOR-US: Google reference COVID19 exposure verification component
+	NOTE: https://github.com/google/exposure-notifications-verification-server
 CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
 	- jpeg-xl <not-affected> (Fixed with initial upload to Debian)
 	NOTE: https://github.com/libjxl/libjxl/issues/708
@@ -76468,7 +76469,7 @@ CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to comm
 CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication  ...)
 	NOT-FOR-US: Trendnet
 CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force the dev ...)
-	TODO: check
+	NOT-FOR-US: Trendnet
 CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access ...)
 	NOT-FOR-US: Trendnet
 CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded cred ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f2078e73d22facb47bc3a69decdc9d8fb0ecf8b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f2078e73d22facb47bc3a69decdc9d8fb0ecf8b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220125/b8375f0e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list