Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
75832def by Neil Williams at 2022-04-06T14:03:17+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2866,9 +2866,9 @@ CVE-2022-27611
CVE-2022-27610
RESERVED
CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Forcepoint One Endpoint
CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Forcepoint One Endpoint
CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the
AP4_HvccAtom ...)
NOT-FOR-US: Bento4
CVE-2022-27606
@@ -6373,7 +6373,7 @@ CVE-2022-26283 (Simple Subscription Website v1.0 was
discovered to contain a SQL
CVE-2022-26282
RESERVED
CVE-2022-26281 (BigAnt Server v5.6.06 was discovered to contain an incorrect
access co ...)
- TODO: check
+ NOT-FOR-US: BigAnt Server
CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds
read via ...)
- libarchive <unfixed> (bug #1008953)
[bullseye] - libarchive <no-dsa> (Minor issue)
@@ -10383,7 +10383,7 @@ CVE-2022-24803 (Asciidoctor-include-ext is
Asciidoctor’s standard include
NOTE:
https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155
(v0.4.0)
NOTE:
https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee
(v0.4.0)
CVE-2022-24802 (deepmerge-ts is a typescript library providing functionality
to deep m ...)
- TODO: check
+ NOT-FOR-US: deepmerge-ts
CVE-2022-24801 (Twisted is an event-based framework for internet applications,
support ...)
- twisted <unfixed> (bug #1009030)
NOTE:
https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq
@@ -10396,13 +10396,13 @@ CVE-2022-24799
CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database
server, ...)
NOT-FOR-US: Internet Routing Registry daemon (iird)
CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed
service mod ...)
- TODO: check
+ NOT-FOR-US: Pomerium
CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for
running ...)
NOT-FOR-US: RaspberryMatic
CVE-2022-24795
RESERVED
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware
implementing sign o ...)
- TODO: check
+ NOT-FOR-US: Express OpenID Connect
CVE-2022-24793
RESERVED
CVE-2022-24792
@@ -10419,7 +10419,7 @@ CVE-2022-24789 (C1 CMS is an open-source, .NET based
Content Management System (
CVE-2022-24788
RESERVED
CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum
Virtual M ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2022-24786
RESERVED
CVE-2022-24785 (Moment.js is a JavaScript date library for parsing,
validating, manipu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75832def40dac08bf31f21aec5ed386865fc6817
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75832def40dac08bf31f21aec5ed386865fc6817
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
