Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6607d8bd by Neil Williams at 2022-02-18T14:36:26+00:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2710,7 +2710,8 @@ CVE-2022-0474 (Full list of recipients from customer
users in a contact field co
NOT-FOR-US: OTRS
NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
CVE-2022-0473 (OTRS administrators can configure dynamic field and inject
malicious J ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
CVE-2022-24308
RESERVED
CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect
access cont ...)
@@ -5025,7 +5026,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim
prior to 8.2. ...)
NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
NOTE:
https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc
(v8.2.4151)
CVE-2022-0317 (An improper input validation vulnerability in go-attestation
before 0. ...)
- TODO: check
+ NOT-FOR-US: go-attestation
CVE-2022-0316
RESERVED
CVE-2022-0315
@@ -7896,7 +7897,7 @@ CVE-2021-46251 (A reflected cross-site scripting (XSS) in
ScratchOAuth2 before c
CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before
commit a91879 ...)
NOT-FOR-US: ScratchOAuth2
CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in
Specific ...)
- TODO: check
+ NOT-FOR-US: ScratchOAuth2
CVE-2021-46248
RESERVED
CVE-2021-46247 (The use of a hard-coded cryptographic key significantly
increases the ...)
@@ -17349,9 +17350,9 @@ CVE-2022-21678 (Discourse is an open source discussion
platform. Prior to versio
CVE-2022-21677 (Discourse is an open source discussion platform. Discourse
groups can ...)
NOT-FOR-US: Discourse
CVE-2022-21676 (Engine.IO is the implementation of transport-based
cross-browser/cross ...)
- TODO: check
+ NOT-FOR-US: Engine.IO
CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering
suite. Ver ...)
- TODO: check
+ NOT-FOR-US: Bytecode Viewer
CVE-2022-21674
RESERVED
CVE-2022-21673 (Grafana is an open-source platform for monitoring and
observability. I ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6607d8bd5e0bbb19544adb517df2d70384428fc9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6607d8bd5e0bbb19544adb517df2d70384428fc9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
