Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a6717c83 by Neil Williams at 2022-03-25T11:37:24+00:00
Process some NFUs
- - - - -
0c9166e3 by Neil Williams at 2022-03-25T11:38:22+00:00
CVE-2022-22771/jasperreports <removed>
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1522,7 +1522,7 @@ CVE-2022-0987 [PackageKit: Information Disclosure in
Transaction Interface via t
[stretch] - packagekit <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub
repositor ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2022-0985
RESERVED
CVE-2022-0984
@@ -11893,7 +11893,7 @@ CVE-2022-0317 (An improper input validation
vulnerability in go-attestation befo
CVE-2022-0316
RESERVED
CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod
prior to ...)
- TODO: check
+ NOT-FOR-US: horovod
CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes
the insta ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-23778
@@ -15284,7 +15284,8 @@ CVE-2022-22773
CVE-2022-22772
RESERVED
CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO
JasperReports Libr ...)
- TODO: check
+ - jasperreports <removed>
+ NOTE:
https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771
CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO
AuditSafe cont ...)
NOT-FOR-US: TIBCO
CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX,
TIBCO EBX ...)
@@ -15690,7 +15691,7 @@ CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the
mod_extforward_Forwarded
NOTE: https://redmine.lighttpd.net/issues/3134
NOTE:
https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
CVE-2022-22706 (An Arm product family through 2022-01-03 has an Exposed
Dangerous Meth ...)
- TODO: check
+ NOT-FOR-US: ARM Mali GPU driver
CVE-2022-22705
RESERVED
CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux
sometimes a ...)
@@ -15726,9 +15727,9 @@ CVE-2022-22690 (Within the Umbraco CMS, a configuration
element named "UmbracoAp
CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4,
14.0.0, an ...)
NOT-FOR-US: CA Harvest Software Change Manager
CVE-2022-22688 (Improper neutralization of special elements used in a command
('Comman ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager
CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer
Overflow') ...)
- TODO: check
+ NOT-FOR-US: Synology DiskStation Manager
CVE-2022-22686
RESERVED
CVE-2022-22685
@@ -20366,9 +20367,9 @@ CVE-2022-21948
CVE-2022-21947
RESERVED
CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers
configura ...)
- TODO: check
+ NOT-FOR-US: SUSE cscreen
CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE
Factory ...)
- TODO: check
+ NOT-FOR-US: SUSE cscreen
CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
systemd ...)
NOT-FOR-US: SUSE packaging issue in watchman
CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding
2.12.3 and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e50a08fde5098fb2aa43136076c34db58532ec7...0c9166e344127ad65669038dca4414a43bf2cc84
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e50a08fde5098fb2aa43136076c34db58532ec7...0c9166e344127ad65669038dca4414a43bf2cc84
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
