Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d54620b9 by Moritz Muehlenhoff at 2022-03-07T18:52:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2022-0871
 CVE-2022-0870
        RESERVED
 CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior 
to 0.1 ...)
-       TODO: check
+       NOT-FOR-US: Spirit forum software
 CVE-2022-26507
        RESERVED
 CVE-2022-26506
@@ -88,7 +88,7 @@ CVE-2021-46703 (** UNSUPPORTED WHEN ASSIGNED ** In the 
IsolatedRazorEngine compo
 CVE-2020-36517
        RESERVED
 CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 
1.19.10. ...)
-       TODO: check
+       NOT-FOR-US: Node urijs
 CVE-2022-26490 (st21nfca_connectivity_event_received in 
drivers/nfc/st21nfca/se.c in t ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
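Review bot: the NOT-FOR-US on CVE-2022-0868 covers a reusable URL-parsing library (medialize/uri.js, tagged "Node urijs"), not a standalone application, and the note does not say whether a packaged or embedded copy was looked for. Suggest confirming that no source package ships this module before closing the TODO, and recording a package entry instead of NFU if one does.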
@@ -312,7 +312,7 @@ CVE-2022-0849 (Use After Free in r_reg_get_name_idx in 
GitHub repository radareo
        NOTE: https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
        NOTE: 
https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24
 CVE-2022-0848 (OS Command Injection in GitHub repository part-db/part-db prior 
to 0.5 ...)
-       TODO: check
+       NOT-FOR-US: part-db
 CVE-2022-26412
        RESERVED
 CVE-2022-26411
@@ -374,7 +374,7 @@ CVE-2022-0847
 CVE-2022-0846
        RESERVED
 CVE-2022-0845 (Code Injection in GitHub repository 
pytorchlightning/pytorch-lightning ...)
-       TODO: check
+       NOT-FOR-US: pytorchlightning
 CVE-2022-26387
        RESERVED
 CVE-2022-26386
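Review bot: the tag on CVE-2022-0845 uses the GitHub organisation name ("pytorchlightning") where the description gives the project as pytorchlightning/pytorch-lightning. Suggest "NOT-FOR-US: pytorch-lightning" so that a later search of the list by project name finds this entry and any future CVE for the same project gets a matching tag.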
@@ -412,9 +412,9 @@ CVE-2022-0841 (OS Command Injection in GitHub repository 
ljharb/npm-lockfile in
 CVE-2022-0840
        RESERVED
 CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
-       TODO: check
+       NOT-FOR-US: liquibase
 CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
hestiacp/h ...)
-       TODO: check
+       NOT-FOR-US: Hestia Control Panel
 CVE-2022-0837
        RESERVED
 CVE-2022-0836
@@ -484,7 +484,7 @@ CVE-2022-26343
 CVE-2022-26337
        RESERVED
 CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache 
POI) allow ...)
-       TODO: check
+       NOT-FOR-US: poi-scratchpad
 CVE-2022-26335
        RESERVED
 CVE-2022-26334
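Review bot: the NOT-FOR-US on CVE-2022-26336 names only the sub-module ("poi-scratchpad"), while the description itself places the HMEF package inside Apache POI. The decision should be made against Apache POI as a whole: if a source package for it exists and ships the scratchpad code, this needs a package entry with a status instead of NFU, and if not, the tag is clearer as "NOT-FOR-US: Apache POI".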
@@ -1780,7 +1780,7 @@ CVE-2022-0754
 CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
hestiacp/h ...)
        NOT-FOR-US: Hestia Control Panel
 CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository 
hestiacp/hes ...)
-       TODO: check
+       NOT-FOR-US: Hestia Control Panel
 CVE-2022-0751
        RESERVED
        [experimental] - gitlab 14.6.5+ds1-1
@@ -2884,7 +2884,7 @@ CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on 
Windows allows local privi
 CVE-2022-0698
        RESERVED
 CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 
1.7.0. ...)
-       TODO: check
+       NOT-FOR-US: Archivy
 CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
8.2.442 ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -3082,7 +3082,7 @@ CVE-2022-25317 (An issue was discovered in Cerebrate 
through 1.4. genericForm al
 CVE-2022-25316
        RESERVED
 CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was 
discovered in ...)
-       TODO: check
+       NOT-FOR-US: Apache Any23
 CVE-2022-21132
        RESERVED
 CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository 
radareorg/radare2 prio ...)
@@ -3898,7 +3898,7 @@ CVE-2022-25071
 CVE-2022-25070
        RESERVED
 CVE-2022-25069 (Mark Text v0.16.3 was discovered to contain a DOM-based 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: MarkText
 CVE-2022-25068
        RESERVED
 CVE-2022-25067
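Review bot: style point on CVE-2022-25069, where the tag is written "MarkText" but the description spells the product "Mark Text". Using the spelling from the description keeps NFU tags greppable and avoids two variants of the same product name accumulating in the list.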
@@ -4728,7 +4728,7 @@ CVE-2022-24720 (image_processing is an image processing 
wrapper for libvips and
        NOTE: 
https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
        NOTE: 
https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada
 (v1.12.2)
 CVE-2022-24719 (Fluture-Node is a FP-style HTTP and streaming utils for Node 
based on  ...)
-       TODO: check
+       NOT-FOR-US: Fluture-Node
 CVE-2022-24718 (ssr-pages is an HTML page builder for the purpose of 
server-side rende ...)
        NOT-FOR-US: ssr-pages
 CVE-2022-24717 (ssr-pages is an HTML page builder for the purpose of 
server-side rende ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d54620b9a0a6964a7355d11794c80ea1d4a9976f
