new chromium issue

NFUs
resolve some TODOs

1 files changed, 9 insertions, 9 deletions

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 929a9b4761..e01e8ba850 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -14620,7 +14620,8 @@ CVE-2021-38006
 CVE-2021-38005
 	RESERVED
 CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to  ...)
-	TODO: check
+	- chromium <unfixed>
+	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...)
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -39159,9 +39160,9 @@ CVE-2021-27838
 CVE-2021-27837
 	RESERVED
 CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in  ...)
-	- r-cran-readxl <undetermined>
+	- r-cran-readxl <unfixed> (unimportant)
 	NOTE: https://github.com/libxls/libxls/issues/94
-	TODO: check
+	NOTE: Negligible security impact
 CVE-2021-27835
 	RESERVED
 CVE-2021-27834
@@ -42635,7 +42636,6 @@ CVE-2021-26314 (Potential floating point value injection in all supported CPU pr
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
 	NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
 	NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
-	TODO: check
 CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...)
 	{DSA-4931-1}
 	- xen 4.14.2+25-gb6a8c4f72d-1
@@ -43541,7 +43541,7 @@ CVE-2021-25988
 CVE-2021-25987
 	RESERVED
 CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: Django-wiki
 CVE-2021-25985 (In Factor (App Framework &amp; Headless CMS) v1.0.4 to v1.8.30, improp ...)
 	NOT-FOR-US: Factor (App Framework & Headless CMS)
 CVE-2021-25984 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions v1 ...)
@@ -49443,7 +49443,7 @@ CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confu
 	NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
 	NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
 CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...)
-	TODO: check
+	NOT-FOR-US: Node algoliasearch-helper
 CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
 	NOT-FOR-US: Node mootools
 CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...)
@@ -52501,7 +52501,7 @@ CVE-2021-22055
 CVE-2021-22054
 	RESERVED
 CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
-	TODO: check
+	NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
 CVE-2021-22052
 	RESERVED
 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
@@ -52547,11 +52547,11 @@ CVE-2021-22032
 CVE-2021-22031
 	RESERVED
 CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...)
-	TODO: check
+	NOT-FOR-US: Greenplum
 CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...)
 	NOT-FOR-US: VMware
 CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...)
-	TODO: check
+	NOT-FOR-US: Greenplum
 CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
 	NOT-FOR-US: VMware
 CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)