author Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 07:00:56 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 07:00:56 +0100
commit da38b47bab085061cb7b90f7f8e7e3bd87757df1 (patch)
tree b344e5056af3f2823dc7a96552c7c628f49de238
parent b6a371b65f9706f4de5088ff132ef8282a356af0 (diff)
Update status for CVE-2021-40818/glewlwyd in buster
The FIDO2 signature validation code has been added only later, making this CVE not affected for the buster version based on 1.4.9.
-rw-r--r-- data/CVE/2021.list 2
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ce010b5151..2d64836344 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -8155,7 +8155,7 @@ CVE-2021-XXXX [jws alg:none signature verification issue]
CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...)
- glewlwyd 2.5.2-3 (bug #993867)
[bullseye] - glewlwyd 2.5.2-2+deb11u1
- [buster] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - glewlwyd <not-affected> (Vulnerable code for FIDO2 signature validation introduced later)
NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...)
NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client
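Review bot: The new [buster] line justifies <not-affected> with "Vulnerable code for FIDO2 signature validation introduced later" but cites nothing that shows when that code arrived; the only NOTE in the CVE-2021-40818 entry points at the upstream fix commit. Suggest adding a NOTE line that names the upstream commit or release which introduced the FIDO2 signature validation in scheme/webauthn.c, and recording the 1.4.9 base that the commit message mentions, so the buster status can be re-checked from the tracker entry alone.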
