[Git][security-tracker-team/security-tracker][master] new chromium issue

Wed, 24 Nov 2021 02:23:35 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a684ae4 by Moritz Muehlenhoff at 2021-11-24T11:22:45+01:00
new chromium issue
NFUs
resolve some TODOs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18100,7 +18100,8 @@ CVE-2021-38006
 CVE-2021-38005
        RESERVED
 CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome 
prior to  ...)
-       TODO: check
+       - chromium <unfixed>
+       [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 
95.0.4638 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
@@ -43370,9 +43371,9 @@ CVE-2021-27838
 CVE-2021-27837
        RESERVED
 CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in 
xls.c in  ...)
-       - r-cran-readxl <undetermined>
+       - r-cran-readxl <unfixed> (unimportant)
        NOTE: https://github.com/libxls/libxls/issues/94
-       TODO: check
+       NOTE: Negligible security impact
 CVE-2021-27835
        RESERVED
 CVE-2021-27834
@@ -46916,7 +46917,6 @@ CVE-2021-26314 (Potential floating point value 
injection in all supported CPU pr
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
        NOTE: Claimed to not affect Xen, Cf. 
https://xenbits.xen.org/xsa/advisory-375.html in
        NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
-       TODO: check
 CVE-2021-26313 (Potential speculative code store bypass in all supported CPU 
products, ...)
        {DSA-4931-1}
        - xen 4.14.2+25-gb6a8c4f72d-1
@@ -47855,7 +47855,7 @@ CVE-2021-25988
 CVE-2021-25987
        RESERVED
 CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: Django-wiki
 CVE-2021-25985 (In Factor (App Framework &amp; Headless CMS) v1.0.4 to 
v1.8.30, improp ...)
        NOT-FOR-US: Factor (App Framework & Headless CMS)
 CVE-2021-25984 (In Factor (App Framework &amp; Headless CMS) forum plugin, 
versions v1 ...)
@@ -53891,7 +53891,7 @@ CVE-2021-23434 (This affects the package object-path 
before 0.11.6. A type confu
        NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
        NOTE: 
https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
 CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable 
to Protot ...)
-       TODO: check
+       NOT-FOR-US: Node algoliasearch-helper
 CVE-2021-23432 (This affects all versions of package mootools. This is due to 
the abil ...)
        NOT-FOR-US: Node mootools
 CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site 
Request F ...)
@@ -57082,7 +57082,7 @@ CVE-2021-22055
 CVE-2021-22054
        RESERVED
 CVE-2021-22053 (Applications using both 
`spring-cloud-netflix-hystrix-dashboard` and ` ...)
-       TODO: check
+       NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and 
spring-boot-starter-thymeleaf
 CVE-2021-22052
        RESERVED
 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to 
specifically ...)
@@ -57128,11 +57128,11 @@ CVE-2021-22032
 CVE-2021-22031
        RESERVED
 CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, 
certain ...)
-       TODO: check
+       NOT-FOR-US: Greenplum
 CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service 
vulnera ...)
        NOT-FOR-US: VMware
 CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, 
greenplu ...)
-       TODO: check
+       NOT-FOR-US: Greenplum
 CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a Serv ...)
        NOT-FOR-US: VMware
 CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) 
contains a Serv ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a684ae47475bbf7827b1e5643d97d570d96bff5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a684ae47475bbf7827b1e5643d97d570d96bff5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to