From c2ab014a002af7c1b23b585c55d68539d89b5b20 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 4 Mar 2021 11:29:46 +0100
Subject: final polishing

---
 data/CVE/2021.list | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'data')

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index b0c0538050..0ac94fcd2a 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -11,7 +11,7 @@ CVE-2021-27942
 CVE-2021-27941
 	RESERVED
 CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...)
-	TODO: check
+	NOT-FOR-US: openark
 CVE-2021-27939
 	RESERVED
 CVE-2021-27938
@@ -4563,7 +4563,7 @@ CVE-2021-25916
 CVE-2021-25915
 	RESERVED
 CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0  ...)
-	TODO: check
+	NOT-FOR-US: object-collider
 CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...)
 	NOT-FOR-US: Node set-or-get
 CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
@@ -6101,6 +6101,7 @@ CVE-2021-25290
 CVE-2021-25289
 	RESERVED
 	- pillow 8.1.1-1
+	[buster] - pillow <not-affected> (Vulnerable code not present)
 	NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
 CVE-2021-25288
 	RESERVED
@@ -10245,7 +10246,7 @@ CVE-2021-23349
 CVE-2021-23348
 	RESERVED
 CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0  ...)
-	TODO: check
+	NOT-FOR-US: argo-cd
 CVE-2021-23346
 	RESERVED
 CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
-- 
cgit v1.2.3