From aec5aca4b8f68ff7d1bf8e9b5b343bb6dc891967 Mon Sep 17 00:00:00 2001 From: Utkarsh Gupta Date: Thu, 4 Mar 2021 14:10:35 +0530 Subject: Mark 7 CVEs affecting grub2 as ignored for stretch --- data/CVE/2020.list | 5 +++++ data/CVE/2021.list | 2 ++ 2 files changed, 7 insertions(+) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a1b05a2d14..65725966d5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -7147,6 +7147,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) - poppler 0.85.0-2 [buster] - poppler (Minor issue) @@ -7348,6 +7349,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-27748 [local file inclusion vulnerability] RESERVED - xdg-utils (bug #975370) @@ -12254,6 +12256,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...) TODO: check CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...) 
@@ -12312,6 +12315,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...) - moodle CVE-2020-25630 (A vulnerability was found in Moodle where the decompressed size of zip ...) @@ -36435,6 +36439,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc. CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-14371 RESERVED NOT-FOR-US: Red Hat Satellite diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 76470a20d8..b0c0538050 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -16898,6 +16898,7 @@ CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/ CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2021-20232 RESERVED CVE-2021-20231 @@ -16936,6 +16937,7 @@ CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel, CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...) {DSA-4867-1} - grub2 2.04-16 + [stretch] - grub2 (No SecureBoot support in stretch) CVE-2021-20224 RESERVED CVE-2021-20223 -- cgit v1.2.3
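Review bot: In the first data/CVE/2020.list hunk (@@ -7147, under CVE-2020-27779), the added line as shown reads `[stretch] - grub2 (No SecureBoot support in stretch)`, with no state tag between the package name and the parenthesised reason, while the subject says these entries are marked as ignored. Please confirm that each of the seven added lines carries the ignored state explicitly, since the reason text alone does not say how the tracker should treat stretch.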
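Review bot: In the data/CVE/2020.list hunk at @@ -12254, the reason attached to CVE-2020-25647 is the same "No SecureBoot support in stretch" used for the other entries, but the visible description for this one concerns USB device handling ("During USB device ..."). If the only impact considered for stretch is circumvention of Secure Boot, a short NOTE: line under this entry saying so would let a later reader verify the triage without re-reading the advisory.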
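Review bot: In data/CVE/2021.list, both added lines (under CVE-2021-20233 and CVE-2021-20225) repeat the reason string already used five times in data/CVE/2020.list, and the commit has a subject but no body. A one or two sentence body stating why the lack of SecureBoot support in stretch makes all seven issues ignorable, with a pointer to DSA-4867-1, which every touched entry references, would keep the rationale in the history instead of only in the per-line parentheticals.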