-rw-r--r--conf/cvelist.el56
-rw-r--r--data/CVE/2019.list11
-rw-r--r--data/CVE/2020.list95
-rw-r--r--data/CVE/2021.list235
-rw-r--r--data/DLA/list2
-rw-r--r--doc/security-team.d.o/index1
-rw-r--r--doc/security-team.d.o/style.css2
7 files changed, 241 insertions, 161 deletions
diff --git a/conf/cvelist.el b/conf/cvelist.el
index 5e34f12a05..2c89c11ce5 100644
--- a/conf/cvelist.el
+++ b/conf/cvelist.el
@@ -1,24 +1,42 @@
-;; Major mode for Debian's CVE list
-;;
-;; Can be enabled via
-;;
-;; (autoload 'debian-cvelist-mode "cvelist.el"
-;; "Major mode for debian CVE lists" t)
-;; (setq auto-mode-alist
-;; (cons '("list" . debian-cvelist-mode) auto-mode-alist))
+;;; cvelist --- Major mode for Debian's CVE list
+;;;
+;;; Commentary:
+;;; only useful for security-tracker-team/security-tracker.git's data/CVE/list
+;;;
+;;; Code:
+;;; Guido Günther
+;;; Moritz Muehlenhoff
+;;; Sébastien Delafond
+;;;
+;;; Can be enabled via:
+;;;
+;;; (autoload 'debian-cvelist-mode "cvelist.el"
+;;; "Major mode for debian CVE lists" t)
+;;; (setq auto-mode-alist
+;;; (cons '("list" . debian-cvelist-mode) auto-mode-alist))
(defun debian-cvelist-insert-not-for-us ()
- "Insert NOT-FOR-US keyword"
+ "Insert NOT-FOR-US keyword."
(interactive)
(insert "\tNOT-FOR-US: "))
(defun debian-cvelist-insert-note ()
- "Insert NOTE comment"
+ "Insert NOTE comment."
(interactive)
(insert "\tNOTE: "))
+; TODO: Read supported distros from central config and prompt for applicable suites
+(defun debian-cvelist-insert-nodsa ()
+ "Insert no-dsa comment based on the current source entry."
+ (interactive)
+ (setq reason (read-string "Reason for no-dsa: " "Minor issue"))
+ (setq srcpkg (thing-at-point 'symbol))
+ (next-line)
+ (beginning-of-line)
+ (insert (concat "\t[buster] - " srcpkg " <no-dsa> (" reason ")\n" )))
+
(defun debian-cvelist-cvesearch ()
- "Look up a CVE ID at the MITRE website"
+ "Look up a CVE ID at the MITRE website."
(interactive)
(browse-url (concat "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" (thing-at-point 'symbol))))
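Review bot: `debian-cvelist-insert-nodsa` assigns `reason` and `srcpkg` with `setq` without binding them, so every call creates or overwrites global variables of those names; they should be bound with `let`. `next-line` is meant for interactive use and follows the user's line-movement settings, whereas `forward-line` is the programmatic equivalent and already lands at column 0, which makes the `beginning-of-line` call unnecessary. When point is not on a symbol, `thing-at-point` returns nil and the function silently inserts a no-dsa entry with an empty package name into the tracker data, so it should refuse before prompting. In the new file header, `;;; Code:` sits above the author names and the usage notes, which belong under `;;; Commentary:`, with `;;; Code:` placed directly before the first `defun`.

```elisp
(defun debian-cvelist-insert-nodsa ()
  "Insert no-dsa comment based on the current source entry."
  (interactive)
  (let ((srcpkg (or (thing-at-point 'symbol)
                    (user-error "No source package name at point")))
        (reason (read-string "Reason for no-dsa: " "Minor issue")))
    (forward-line 1)
    (insert "\t[buster] - " srcpkg " <no-dsa> (" reason ")\n")))
```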
@@ -27,11 +45,13 @@
(define-key map (kbd "C-c C-f") 'debian-cvelist-insert-not-for-us)
(define-key map (kbd "C-c C-n") 'debian-cvelist-insert-note)
(define-key map (kbd "C-c C-c") 'debian-cvelist-cvesearch)
+ (define-key map (kbd "C-c C-l") 'debian-cvelist-insert-nodsa)
map)
"Keymap for `debian-cvelist-mode'.")
(defvar debian-cvelist-font-lock-keywords
- '(("^CVE-[0-9]\\{4\\}-[0-9X]\\{4,7\\}" (0 font-lock-function-name-face) ;; face for CVE keyword
+ '(("^CVE-[0-9]\\{4\\}-[0-9X]\\{4,7\\}"
+ (0 font-lock-function-name-face) ;; face for CVE keyword
("(\\(.+\\))$" nil nil (1 font-lock-warning-face))) ;; face for the rest of the line
("D[LS]A-[0-9]\\{4,5\\}-[0-9]" . font-lock-function-name-face)
("#[0-9]\\{1,7\\}" . font-lock-type-face)
@@ -40,24 +60,26 @@
("^\t\\(RESERVED\\|NOT-FOR-US\\|REJECTED\\)" . font-lock-keyword-face)
("\\<unfixed\\|undetermined\\>" . font-lock-warning-face)
("\\<end-of-life\\|not-affected\\|no-dsa\\|ignored\\|postponed\\>" . font-lock-constant-face))
- "Keyword highlighting for `debian-cvelist-mode'")
+ "Keyword highlighting for `debian-cvelist-mode'.")
(defun debian-cvelist-is-cve ()
+ "Checks if a current line is a CVE description."
(save-excursion
(beginning-of-line)
(looking-at "[[:space:]]*CVE-")))
(defun debian-cvelist-indent-line ()
- "Indent current line as debian CVE list"
+ "Indent current line as debian CVE list."
(beginning-of-line)
(if (debian-cvelist-is-cve)
(indent-line-to 0)
(indent-line-to 8)))
(define-derived-mode debian-cvelist-mode fundamental-mode "debian-cvelist"
- "A major mode for editing data/CVE/list in the Debian secure-testing repo."
- (setq-local font-lock-defaults '(debian-cvelist-font-lock-keywords nil))
- (setq font-lock-keywords-only t)
+ "A major mode for editing data/CVE/list in the Debian
+ secure-tracker repository."
+ (setq-local font-lock-defaults '(debian-cvelist-font-lock-keywords t))
(setq indent-line-function 'debian-cvelist-indent-line))
(provide 'debian-cvelist)
+;;; cvelist.el ends here
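Review bot: The new docstring of `debian-cvelist-mode` splits its first sentence across two lines, and the continuation line appears to be indented, so the one-line summary shown in help listings stops mid-sentence and the leading whitespace becomes part of the string. It also says "secure-tracker" where the file's own commentary names the repository security-tracker. A single-line form such as `"Major mode for editing data/CVE/list in Debian's security-tracker repository."` avoids both problems. The docstring added to `debian-cvelist-is-cve` would read better in the imperative form checkdoc expects, for example `"Return non-nil if the current line is a CVE description."`.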
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 90d7758b99..45fadc32af 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...)
+ TODO: check
CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
NOT-FOR-US: JetBrains Ktor
CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
@@ -6196,8 +6198,8 @@ CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1
NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...)
NOT-FOR-US: Centrify Authentication and Privilege Elevation Services
-CVE-2019-18630
- RESERVED
+CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/ ...)
+ TODO: check
CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
NOT-FOR-US: Xerox
CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
@@ -6869,8 +6871,8 @@ CVE-2019-18353
RESERVED
CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...)
NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
-CVE-2019-18351
- RESERVED
+CVE-2019-18351 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk thr ...)
+ TODO: check
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...)
NOT-FOR-US: Ant Design Pro
CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
@@ -23217,6 +23219,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
RESERVED
- qemu <unfixed> (low; bug #972099)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 65725966d5..2011724d01 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,5 @@
+CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
+ NOT-FOR-US: ScottBrady.IdentityModel
CVE-2020-35358
RESERVED
CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
@@ -1475,8 +1477,8 @@ CVE-2020-35638
RESERVED
CVE-2020-35637
RESERVED
-CVE-2020-35636
- RESERVED
+CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-35635
RESERVED
CVE-2020-35634
@@ -1491,8 +1493,8 @@ CVE-2020-35630
RESERVED
CVE-2020-35629
RESERVED
-CVE-2020-35628
- RESERVED
+CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...)
NOT-FOR-US: Ultimate WooCommerce Gift Cards
CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...)
@@ -1801,7 +1803,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
RESERVED
- qemu <unfixed> (bug #984454)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
@@ -1809,7 +1811,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
RESERVED
- qemu <unfixed> (bug #984455)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
@@ -1817,11 +1819,12 @@ CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c]
RESERVED
- qemu <unfixed> (bug #979679)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766
NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter]
RESERVED
- qemu <unfixed> (bug #979678)
@@ -2262,12 +2265,12 @@ CVE-2020-35331
RESERVED
CVE-2020-35330
RESERVED
-CVE-2020-35329
- RESERVED
-CVE-2020-35328
- RESERVED
-CVE-2020-35327
- RESERVED
+CVE-2020-35329 (Courier Management System 1.0 1.0 is affected by SQL Injection via 'MU ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...)
+ NOT-FOR-US: Courier Management System
CVE-2020-35326
RESERVED
CVE-2020-35325
@@ -5165,8 +5168,8 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine
NOTE: https://github.com/dyne/Tomb/issues/392
CVE-2020-28637
RESERVED
-CVE-2020-28636
- RESERVED
+CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-28635
RESERVED
CVE-2020-28634
@@ -5235,8 +5238,8 @@ CVE-2020-28603
RESERVED
CVE-2020-28602
RESERVED
-CVE-2020-28601
- RESERVED
+CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-28600
RESERVED
CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
@@ -5248,7 +5251,7 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
CVE-2020-28598
RESERVED
CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
- TODO: check
+ NOT-FOR-US: Epignosis EfrontPro
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
NOT-FOR-US: PrusaSlicer
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
@@ -11861,18 +11864,21 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged us
NOT-FOR-US: SaferVPN
CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
- qemu <unfixed> (bug #970940)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
- qemu <unfixed> (bug #971390)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
- qemu <unfixed> (bug #970939)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
@@ -12278,8 +12284,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs
NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...)
- wildfly <itp> (bug #752018)
-CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
- RESERVED
+CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel&#8217;s ...)
- linux 5.10.19-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -13911,12 +13916,12 @@ CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
CVE-2020-24915
RESERVED
-CVE-2020-24914
- RESERVED
-CVE-2020-24913
- RESERVED
-CVE-2020-24912
- RESERVED
+CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all versions incl ...)
+ TODO: check
+CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions including 3.1.1) ...)
+ TODO: check
+CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed (all ve ...)
+ TODO: check
CVE-2020-24911
RESERVED
CVE-2020-24910
@@ -15832,8 +15837,8 @@ CVE-2020-24038
RESERVED
CVE-2020-24037
RESERVED
-CVE-2020-24036
- RESERVED
+CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...)
+ NOT-FOR-US: ForkCMS
CVE-2020-24035
RESERVED
CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...)
@@ -32532,10 +32537,10 @@ CVE-2020-15940
RESERVED
CVE-2020-15939
RESERVED
-CVE-2020-15938
- RESERVED
+CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...)
+ NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
- TODO: check
+ NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15936
RESERVED
CVE-2020-15935
@@ -51692,8 +51697,8 @@ CVE-2020-8300
RESERVED
CVE-2020-8299
RESERVED
-CVE-2020-8298
- RESERVED
+CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
+ TODO: check
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
NOT-FOR-US: Nextcloud Deck
CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
@@ -59428,8 +59433,8 @@ CVE-2020-5150
RESERVED
CVE-2020-5149
RESERVED
-CVE-2020-5148
- RESERVED
+CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...)
+ TODO: check
CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...)
NOT-FOR-US: SonicWall
CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...)
@@ -59774,8 +59779,8 @@ CVE-2020-4977
RESERVED
CVE-2020-4976
RESERVED
-CVE-2020-4975
- RESERVED
+CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2020-4974
RESERVED
CVE-2020-4973
@@ -59992,14 +59997,14 @@ CVE-2020-4868
RESERVED
CVE-2020-4867
RESERVED
-CVE-2020-4866
- RESERVED
+CVE-2020-4866 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
NOT-FOR-US: IBM
CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...)
NOT-FOR-US: IBM
-CVE-2020-4863
- RESERVED
+CVE-2020-4863 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4862
RESERVED
CVE-2020-4861
@@ -60010,10 +60015,10 @@ CVE-2020-4859
RESERVED
CVE-2020-4858
RESERVED
-CVE-2020-4857
- RESERVED
-CVE-2020-4856
- RESERVED
+CVE-2020-4857 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
+CVE-2020-4856 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
NOT-FOR-US: IBM
CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index fd3f0e172f..80cedad9c6 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,45 @@
+CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...)
+ NOT-FOR-US: MSI Dragon Center
+CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...)
+ NOT-FOR-US: SonLogger
+CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...)
+ NOT-FOR-US: SonLogger
+CVE-2021-27962
+ RESERVED
+CVE-2021-27961
+ RESERVED
+CVE-2021-27960
+ RESERVED
+CVE-2021-27959
+ RESERVED
+CVE-2021-27958
+ RESERVED
+CVE-2021-27957
+ RESERVED
+CVE-2021-27956
+ RESERVED
+CVE-2021-27955
+ RESERVED
+CVE-2021-27954
+ RESERVED
+CVE-2021-27953
+ RESERVED
+CVE-2021-27952
+ RESERVED
+CVE-2021-27951
+ RESERVED
+CVE-2021-27950
+ RESERVED
+CVE-2021-27949
+ RESERVED
+CVE-2021-27948
+ RESERVED
+CVE-2021-27947
+ RESERVED
+CVE-2021-27946
+ RESERVED
+CVE-2021-27945
+ RESERVED
CVE-2021-XXXX [XSA 369]
- linux <unfixed> (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -1330,8 +1372,8 @@ CVE-2021-27316
RESERVED
CVE-2021-27315
RESERVED
-CVE-2021-27314
- RESERVED
+CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...)
+ NOT-FOR-US: doctor appointment system
CVE-2021-27313
RESERVED
CVE-2021-27312
@@ -1524,8 +1566,8 @@ CVE-2021-27221
RESERVED
CVE-2021-27220
RESERVED
-CVE-2021-27217
- RESERVED
+CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+ TODO: check
CVE-2021-27216
RESERVED
CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
@@ -2025,10 +2067,10 @@ CVE-2021-26991
RESERVED
CVE-2021-26990
RESERVED
-CVE-2021-26989
- RESERVED
-CVE-2021-26988
- RESERVED
+CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...)
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2021-26987
RESERVED
CVE-2021-26986
@@ -2141,14 +2183,12 @@ CVE-2021-23217
RESERVED
CVE-2021-23201
RESERVED
-CVE-2021-3404
- RESERVED
+CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...)
- libytnef 1.9.3-3 (bug #982596)
[buster] - libytnef <no-dsa> (Minor issue)
[stretch] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/86
-CVE-2021-3403
- RESERVED
+CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...)
- libytnef 1.9.3-3 (bug #982594)
[buster] - libytnef <no-dsa> (Minor issue)
[stretch] - libytnef <no-dsa> (Minor issue)
@@ -2354,13 +2394,12 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
-CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed]
- RESERVED
- {DSA-4859-1 DLA-2573-1}
+CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...)
+ {DSA-4859-1}
- libzstd 1.4.8+dfsg-2 (bug #982519)
+ [stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)
NOTE: https://github.com/facebook/zstd/issues/2491
-CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed]
- RESERVED
+CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
{DSA-4850-1 DLA-2573-1}
- libzstd 1.4.8+dfsg-1 (bug #981404)
NOTE: https://github.com/facebook/zstd/issues/1630
@@ -3700,8 +3739,8 @@ CVE-2021-3327
RESERVED
CVE-2021-26294
RESERVED
-CVE-2021-26293
- RESERVED
+CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...)
+ TODO: check
CVE-2021-26292
RESERVED
CVE-2021-26291
@@ -4318,12 +4357,12 @@ CVE-2021-26031
RESERVED
CVE-2021-26030
RESERVED
-CVE-2021-26029
- RESERVED
-CVE-2021-26028
- RESERVED
-CVE-2021-26027
- RESERVED
+CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...)
+ NOT-FOR-US: Joomla!
CVE-2021-3287
RESERVED
CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
@@ -5904,42 +5943,42 @@ CVE-2021-25350
RESERVED
CVE-2021-25349
RESERVED
-CVE-2021-25348
- RESERVED
-CVE-2021-25347
- RESERVED
-CVE-2021-25346
- RESERVED
-CVE-2021-25345
- RESERVED
-CVE-2021-25344
- RESERVED
-CVE-2021-25343
- RESERVED
-CVE-2021-25342
- RESERVED
-CVE-2021-25341
- RESERVED
-CVE-2021-25340
- RESERVED
-CVE-2021-25339
- RESERVED
-CVE-2021-25338
- RESERVED
-CVE-2021-25337
- RESERVED
-CVE-2021-25336
- RESERVED
-CVE-2021-25335
- RESERVED
-CVE-2021-25334
- RESERVED
-CVE-2021-25333
- RESERVED
-CVE-2021-25332
- RESERVED
-CVE-2021-25331
- RESERVED
+CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
+ NOT-FOR-US: Samsung Internet
+CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...)
+ NOT-FOR-US: Samsung Email application
+CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...)
+ TODO: check
+CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...)
+ TODO: check
+CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...)
+ TODO: check
+CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
+ TODO: check
+CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
+ TODO: check
+CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
+ TODO: check
+CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
+ TODO: check
+CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
NOT-FOR-US: MobileWips application
CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
@@ -10255,12 +10294,12 @@ CVE-2021-23348
RESERVED
CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
NOT-FOR-US: argo-cd
-CVE-2021-23346
- RESERVED
+CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
+ TODO: check
CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
TODO: check
-CVE-2021-23344
- RESERVED
+CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
+ TODO: check
CVE-2021-23343
RESERVED
CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
@@ -10679,20 +10718,20 @@ CVE-2021-23134
RESERVED
CVE-2021-23133
RESERVED
-CVE-2021-23132
- RESERVED
-CVE-2021-23131
- RESERVED
-CVE-2021-23130
- RESERVED
-CVE-2021-23129
- RESERVED
-CVE-2021-23128
- RESERVED
-CVE-2021-23127
- RESERVED
-CVE-2021-23126
- RESERVED
+CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...)
+ NOT-FOR-US: Joomla!
CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...)
NOT-FOR-US: Joomla!
CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...)
@@ -12390,7 +12429,7 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product.
NOT-FOR-US: Huawei
CVE-2021-22297
RESERVED
-CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...)
+CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...)
NOT-FOR-US: HarmonyOS
CVE-2021-22295
RESERVED
@@ -12604,8 +12643,8 @@ CVE-2021-22191
RESERVED
CVE-2021-22190
RESERVED
-CVE-2021-22189
- RESERVED
+CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...)
+ TODO: check
CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
@@ -12616,8 +12655,8 @@ CVE-2021-22185
RESERVED
CVE-2021-22184
RESERVED
-CVE-2021-22183
- RESERVED
+CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
CVE-2021-22181
@@ -12754,8 +12793,8 @@ CVE-2021-22130
RESERVED
CVE-2021-22129
RESERVED
-CVE-2021-22128
- RESERVED
+CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...)
+ NOT-FOR-US: FortiProxy SSL VPN portal
CVE-2021-22127
RESERVED
CVE-2021-22126
@@ -16586,10 +16625,10 @@ CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulne
NOT-FOR-US: IBM
CVE-2021-20352
RESERVED
-CVE-2021-20351
- RESERVED
-CVE-2021-20350
- RESERVED
+CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2021-20349
RESERVED
CVE-2021-20348
@@ -16608,8 +16647,8 @@ CVE-2021-20342
RESERVED
CVE-2021-20341
RESERVED
-CVE-2021-20340
- RESERVED
+CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2021-20339
RESERVED
CVE-2021-20338
@@ -16756,12 +16795,22 @@ CVE-2021-20269
RESERVED
CVE-2021-20268
RESERVED
+ - linux 5.10.12-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/
+ NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b
CVE-2021-20267
RESERVED
+ - neutron <unfixed>
+ NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
+ NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
CVE-2021-20266
RESERVED
-CVE-2021-20265
+CVE-2021-20265 [increase slab leak leads to DoS]
RESERVED
+ - linux 4.4.4-1
+ NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
CVE-2021-20264
RESERVED
CVE-2021-20263
diff --git a/data/DLA/list b/data/DLA/list
index 24c15acc4e..9fff463b7b 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -22,7 +22,7 @@
{CVE-2021-27212}
[stretch] - openldap 2.4.44+dfsg-5+deb9u8
[20 Feb 2021] DLA-2573-1 libzstd - security update
- {CVE-2021-24031 CVE-2021-24032}
+ {CVE-2021-24031}
[stretch] - libzstd 1.1.2-1+deb9u1
[20 Feb 2021] DLA-2572-1 wpa - security update
{CVE-2021-0326}
diff --git a/doc/security-team.d.o/index b/doc/security-team.d.o/index
index 19a1e97ea4..db4e175602 100644
--- a/doc/security-team.d.o/index
+++ b/doc/security-team.d.o/index
@@ -41,5 +41,6 @@ Please, feel free to [contribute with this document](https://salsa.debian.org/se
- [DSA release](dsa_release.html)
* [How to interact with the Security Tracker](security_tracker.html)
- How to contribute to the security tracker code
+* [Triage "low severity" issues](triage.html)
* [Troubleshooting tips](tips.html)
* [Glossary](glossary.html)
diff --git a/doc/security-team.d.o/style.css b/doc/security-team.d.o/style.css
index c869719102..97f1a4a7de 100644
--- a/doc/security-team.d.o/style.css
+++ b/doc/security-team.d.o/style.css
@@ -194,7 +194,7 @@ a.feedlink { /* Little orange RSS button */
/* Without !important, inherets from td.titlecell a:* */
}
-ul { list-style-type: none; padding: 0; }
+ul { padding: 0; }
li { margin-top: 0.2em;
margin-left: 20px;
}
