From c34c130b3ccac97fb62a2962724dddfb3e586872 Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Mon, 1 Nov 2021 14:15:04 +0000
Subject: Process some NFUs

---
 data/CVE/2021.list | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index ef3e96ebd4..553d961abb 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -17733,7 +17733,7 @@ CVE-2021-3620
 CVE-2021-35500
 	RESERVED
 CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
@@ -46645,15 +46645,16 @@ CVE-2021-23454
 CVE-2021-23453
 	RESERVED
 CVE-2021-23452 (This affects all versions of package x-assign. The global proto object ...)
-	TODO: check
+	NOT-FOR-US:  x-assign JS
 CVE-2021-23451
 	RESERVED
 CVE-2021-23450
 	RESERVED
 CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
-	TODO: check
+	NOT-FOR-US: vm2 JS
+	NOTE: https://github.com/patriksimek/vm2
 CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...)
-	TODO: check
+	NOT-FOR-US: config-handler JS
 CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...)
 	NOT-FOR-US: teddy templating engine
 CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from  ...)
-- 
cgit v1.2.3