Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e1e2ac8 by Moritz Muehlenhoff at 2022-02-09T13:29:41+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2022-24696
 CVE-2022-24695
        RESERVED
 CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 
21.10 before ...)
-       TODO: check
+       - mahara <removed>
 CVE-2022-24693
        RESERVED
 CVE-2022-24692
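Review bot: the new `- mahara <removed>` line records that the package is gone from the archive but drops the `TODO: check` without leaving any reference; a `NOTE:` line pointing at the upstream advisory (the description already names the fixed releases 20.10.4 and 21.04.3) would let a later reader verify the triage, which matters if mahara is ever reintroduced and the `<removed>` state has to be revisited.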
@@ -27,7 +27,7 @@ CVE-2022-24684
 CVE-2022-24683
        RESERVED
 CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra 
Collaboratio ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2022-24681
        RESERVED
 CVE-2022-24680
@@ -37,9 +37,9 @@ CVE-2022-24679
 CVE-2022-24678
        RESERVED
 CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution 
because ...)
-       TODO: check
+       NOT-FOR-US: HYBBS2
 CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: HYBBS2
 CVE-2022-24675
        RESERVED
 CVE-2022-24674
@@ -96,6 +96,7 @@ CVE-2022-0533
        RESERVED
 CVE-2022-0532
        RESERVED
+       NOT-FOR-US: cri-o
 CVE-2022-0531
        RESERVED
 CVE-2022-0530
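Review bot: CVE-2022-0532 keeps its `RESERVED` line, so there is no public description for the added `NOT-FOR-US: cri-o` to be checked against; the attribution rests entirely on out-of-band information. A `NOTE:` line giving the source of that attribution would make the entry checkable once the description is published, and is the usual way other entries in this file justify a triage that precedes the CVE text.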
@@ -797,7 +798,7 @@ CVE-2022-24385
 CVE-2022-24384
        RESERVED
 CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: CSV+
 CVE-2022-0487 (A use-after-free vulnerability was found in 
rtsx_usb_ms_drv_remove in  ...)
        - linux <unfixed>
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
@@ -811,7 +812,7 @@ CVE-2022-0485 [nbdcopy: missing error handling may create 
corrupted destination
        NOTE: Fixed by: 
https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb
        NOTE: 
https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
 CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens 
Extens ...)
-       TODO: check
+       NOT-FOR-US: Mirantis Container Cloud Lens
 CVE-2022-0483
        RESERVED
 CVE-2022-0482
@@ -987,7 +988,8 @@ CVE-2022-0476
 CVE-2022-0475
        RESERVED
 CVE-2022-0474 (Full list of recipients from customer users in a contact field 
could b ...)
-       TODO: check
+       NOT-FOR-US: OTRS
+       NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
 CVE-2022-0473 (OTRS administrators can configure dynamic field and inject 
malicious J ...)
        TODO: check
 CVE-2022-24308
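Review bot: the justification `NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian` is attached to CVE-2022-0474 only, while the next entry in the trailing context, CVE-2022-0473 (also an OTRS issue, "OTRS administrators can configure dynamic field and inject malicious J ..."), is left at `TODO: check`. If the same 8.x-only reasoning applies it should be triaged in this pass with the same note; if that issue is not version-limited, the znuny package needs an explicit check rather than a NOT-FOR-US.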
@@ -1191,7 +1193,7 @@ CVE-2022-24284
 CVE-2022-24283
        RESERVED
 CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. 
...)
-       TODO: check
+       NOT-FOR-US: Node karma
 CVE-2022-0436
        RESERVED
 CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a 
convert_const_to_ ...)
@@ -2386,9 +2388,9 @@ CVE-2021-46559 (The firmware on Moxa TN-5900 devices 
through 3.1 has a weak algo
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in 
the relea ...)
        NOT-FOR-US: Bromite
 CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
-       TODO: check
+       NOT-FOR-US: Gerber
 CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
-       TODO: check
+       NOT-FOR-US: Gerber
 CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. 
This iss ...)
        NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23944 (User can access /plugin api without authentication. This issue 
affecte ...)
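Review bot: `NOT-FOR-US: Gerber` for CVE-2022-23947 and CVE-2022-23946 treats "Gerber" as the product name, but the visible descriptions only say "...exists in the Gerber Viewe ..." (truncated). Gerber is a PCB file format, and a Gerber viewer is a component shipped by EDA applications, KiCad among them, which Debian packages. Confirm the affected application in the full advisory before closing these as NOT-FOR-US; if the viewer belongs to a packaged application, both entries need a package line (with the fixed version if known) instead.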
@@ -3552,9 +3554,9 @@ CVE-2022-23629
 CVE-2022-23628
        RESERVED
 CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose 
of idlin ...)
-       TODO: check
+       NOT-FOR-US: ArchiSteamFarm
 CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP 
blog. Erro ...)
-       TODO: check
+       NOT-FOR-US: m1k1o/blog
 CVE-2022-23625
        RESERVED
 CVE-2022-23624 (Frourio-express is a minimal full stack framework, for 
TypeScript. Fro ...)
@@ -3607,7 +3609,7 @@ CVE-2022-23607 (treq is an HTTP library inspired by 
requests but written on top
 CVE-2022-23606
        RESERVED
 CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. 
In versio ...)
-       TODO: check
+       NOT-FOR-US: Wire webapp
 CVE-2022-23604
        RESERVED
 CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application 
for use wi ...)
@@ -3619,7 +3621,7 @@ CVE-2022-23601 (Symfony is a PHP framework for web and 
console applications and
        NOTE: 
https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
        NOTE: 
https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
 CVE-2022-23600 (fleet is an open source device management, built on osquery. 
Versions  ...)
-       TODO: check
+       NOT-FOR-US: Fleet
 CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 
2.1 - 4.3 ...)
        NOT-FOR-US: Plone
 CVE-2022-23598 (laminas-form is a package for validating and displaying simple 
and com ...)
@@ -4742,7 +4744,7 @@ CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is 
vulnerable to deserializ
        [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
 CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox 
of php_ma ...)
-       TODO: check
+       NOT-FOR-US: php_mailform
 CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached 
file name ...)
        TODO: check
 CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository c ...)
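Review bot: CVE-2022-22142 is closed as `NOT-FOR-US: php_mailform`, while the entry immediately below it in the trailing context, CVE-2022-21805 ("Reflected cross-site scripting vulnerability in the attached file name ..."), has an almost identical description and is left at `TODO: check`; triaging the two together, or noting why the second one needs a separate look, would keep the file consistent.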
@@ -4994,7 +4996,7 @@ CVE-2022-23208
 CVE-2022-23207
        RESERVED
 CVE-2022-0227 (Business Logic Errors in GitHub repository 
silverstripe/silverstripe-f ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe CMS
 CVE-2021-46303
        RESERVED
 CVE-2021-46302
@@ -8683,7 +8685,7 @@ CVE-2022-22264 (Improper sanitization of incoming intent 
in Dressroom prior to S
 CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR 
Jan-2022 Rele ...)
        NOT-FOR-US: Samsung
 CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG 
document. ...)
-       TODO: check
+       NOT-FOR-US: Studio 42 elFinder
 CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows 
denial of  ...)
        - wireshark <unfixed>
        [bullseye] - wireshark <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e1e2ac84ecf6699b99bf4c43e502fc88e75473d

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits