author: Moritz Muehlenhoff <jmm@debian.org> 2021-02-04 13:58:23 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-02-04 13:58:23 +0100
commit: db7c975212dc06c61c86716701cd0ec35b531189 (patch)
tree: 94b593b127f58cc9ab36628a8c87aec535a7333d /data/CVE
parent: d9d42b074062f6460f56b5c956540d0404329589 (diff)
mark some linux issues as <postponed> for buster
podofo unimportant add openwall refs for nim issues
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2018.list 6
-rw-r--r-- data/CVE/2019.list 3
-rw-r--r-- data/CVE/2020.list 3
3 files changed, 8 insertions, 4 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index a987d2e603..52619b55c6 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1137,11 +1137,9 @@ CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis
CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...)
NOT-FOR-US: pfSense
CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...)
- - libpodofo <unfixed> (low; bug #923415)
- [buster] - libpodofo <no-dsa> (Minor issue)
- [stretch] - libpodofo <no-dsa> (Minor issue)
- [jessie] - libpodofo <no-dsa> (Minor issue)
+ - libpodofo <unfixed> (unimportant; bug #923415)
NOTE: https://sourceforge.net/p/podofo/tickets/34/
+ NOTE: Negligible security impact
CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...)
- glibc <unfixed> (unimportant)
- eglibc <removed> (unimportant)
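Review bot: The added "NOTE: Negligible security impact" under CVE-2018-20797 does not say why the impact is negligible, yet it is the only justification for moving libpodofo from low to unimportant and dropping the three per-release <no-dsa> lines. Suggest extending the note with the reason (or pointing at the relevant comment in the upstream ticket already linked) so the downgrade can be rechecked later.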
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 78becbe43e..a4b237b449 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -12352,6 +12352,8 @@ CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and pri
NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - linux <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...)
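Review bot: The two lines added under CVE-2019-16089 tag [bullseye] as well as [buster], while the commit subject only says "for buster". Suggest mentioning bullseye in the commit message so the log matches the change. The reason "revisit when fixed upstream" would also be easier to act on with a NOTE pointing at the upstream discussion or patch status.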
@@ -14486,6 +14488,7 @@ CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There
[stretch] - linux 4.9.184-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Revisit when correctly fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...)
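Review bot: Under CVE-2019-15213 only a [bullseye] <postponed> line is added, so buster remains covered by the generic "- linux <unfixed>" line even though the commit subject is about postponing issues for buster. If buster is meant to be postponed as well, add a matching [buster] line as was done for CVE-2019-16089; if it is left out on purpose, a short NOTE saying so would help. The reason text also differs from the previous hunk ("Revisit when correctly fixed upstream" versus "Minor issue, revisit when fixed upstream"), and "correctly" implies an existing incomplete fix that is not referenced anywhere in the entry.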
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 5f9dc3346b..a352077e7c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -32989,14 +32989,17 @@ CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
- nim 1.2.6-1
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1
CVE-2020-15691
RESERVED
CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
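Review bot: CVE-2020-15690 on the last context line is also a Nim standard library issue, but the openwall references are added only to CVE-2020-15694, CVE-2020-15693 and CVE-2020-15692. If either of the two oss-security postings covers it too, add the corresponding NOTE there so all related Nim entries carry the reference.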
