author Moritz Muehlenhoff <jmm@debian.org> 2021-10-12 19:20:59 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2021-10-12 19:21:35 +0200
commit 543bb2158d1333f527f2656de7d505476100625d
tree dc002137c8b08ca0008e8aed76ac72994971e224 /data
parent 70014de6a1baa1f23c842fe295f38e434b636026
buster/bullseye triage
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2020 3
-rw-r--r-- data/CVE/list.2021 12
2 files changed, 15 insertions, 0 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 71947b49bc..b2e5005981 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -6694,6 +6694,8 @@ CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0
NOT-FOR-US: libnested
CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...)
- node-getobject 1.0.2-1
+ [bullseye] - node-getobject <no-dsa> (Minor issue)
+ [buster] - node-getobject <no-dsa> (Minor issue)
NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0)
CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...)
NOT-FOR-US: react-atomic-organism
@@ -21414,6 +21416,7 @@ CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was disco
- icu 67.1-2
NOTE: https://github.com/unicode-org/icu/pull/886
NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
+ NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
CVE-2020-21912
RESERVED
CVE-2020-21911
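Review bot: the NOTE added for CVE-2020-21913 is a bare commit URL with no label, so a reader cannot tell whether it is the fix, the merged form of the pull request cited two lines above it, or something else. The gpac entries in list.2021 use the form "NOTE: Fixed by: <url>"; if this commit is the fix, write it the same way, and consider adding the release it first appeared in, as the node-getobject entry does with "(v1.0.0)".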
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index b6b05e5ebf..a0cee53731 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1810,16 +1810,22 @@ CVE-2021-41460
RESERVED
CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
- gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1912
NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
CVE-2021-41458
RESERVED
CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
- gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1909
NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619
CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
- gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1911
NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e
CVE-2021-41455
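Review bot: the [buster] and [stretch] <not-affected> lines added to CVE-2021-41459, CVE-2021-41457 and CVE-2021-41456 give "Vulnerable code not present" as the reason, but no NOTE records what that was checked against. A NOTE naming the commit or upstream version that introduced the affected code would let a later triager verify the claim without repeating the source review. Separately, the commit subject says buster/bullseye triage, yet no [bullseye] line is added for gpac, so bullseye stays covered by "- gpac <unfixed>"; if that is intended it is fine as is, otherwise a [bullseye] line is missing from all three entries.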
@@ -10785,6 +10791,8 @@ CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: https://github.com/Exiv2/exiv2/pull/1752
CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
NOTE: https://github.com/Exiv2/exiv2/pull/1759
CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
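Review bot: the [bullseye] and [buster] lines added to CVE-2021-37618 use <ignored> with the reason "Minor issue", while the node-getobject entry in list.2020 pairs the same reason with <no-dsa>. <ignored> is the stronger state, meaning no fix is planned for that release at all, so the reason should say why a fix is ruled out rather than only that the issue is minor; if nothing beyond severity applies, <no-dsa> would be the consistent choice. The same applies to the CVE-2021-37616 and CVE-2021-37615 entries in the following hunk.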
@@ -10792,10 +10800,14 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- exiv2 <unfixed>
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
