From 5f14da3b1fbd21646b4bfcbaafa4aee11df6644d Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 16 Nov 2021 14:03:40 +0100 Subject: nomad n/a add note for pdf2json --- data/CVE/2020.list | 4 ++++ data/CVE/2021.list | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index ba24700f48..20d8e65506 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -17376,8 +17376,12 @@ CVE-2020-23880 RESERVED CVE-2020-23879 (pdf2json v0.71 was discovered to contain a NULL pointer dereference in ...) NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler CVE-2020-23878 (pdf2json v0.71 was discovered to contain a stack buffer overflow in th ...) NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler CVE-2020-23877 (pdf2xml v2.0 was discovered to contain a stack buffer overflow in the ...) NOT-FOR-US: pdf2xml CVE-2020-23876 (pdf2xml v2.0 was discovered to contain a memory leak in the function T ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 0478a314a7..36cc987f19 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -4346,11 +4346,10 @@ CVE-2021-3853 CVE-2021-3852 RESERVED CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...) - - nomad + - nomad (Only affects 1.1.x) NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311 NOTE: https://github.com/hashicorp/nomad/issues/11243 NOTE: https://github.com/hashicorp/nomad/pull/11257 - TODO: check CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...) - linux 5.14.12-1 NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a -- cgit v1.2.3