[Git][security-tracker-team/security-tracker][master] 3 commits: Move one older CVE from NFU status to the ITP'ed entry

Thu, 12 May 2022 03:47:57 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc133236 by Salvatore Bonaccorso at 2022-05-12T12:34:50+02:00
Move one older CVE from NFU status to the ITP'ed entry

- - - - -
4edb1882 by Salvatore Bonaccorso at 2022-05-12T12:46:16+02:00
Add two new libsixel issues

- - - - -
15a41816 by Salvatore Bonaccorso at 2022-05-12T12:47:12+02:00
Process three NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2022-30595
 CVE-2022-30593
        RESERVED
 CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) 
before 3.1. ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC)
 CVE-2022-30591
        RESERVED
 CVE-2022-30590
@@ -1647,13 +1647,15 @@ CVE-2022-29980
 CVE-2022-29979
        RESERVED
 CVE-2022-29978 (There is a floating point exception error in 
sixel_encoder_do_resize,  ...)
-       TODO: check
+       - libsixel <unfixed>
+       NOTE: https://github.com/saitoha/libsixel/issues/166
 CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, 
stb_ima ...)
-       TODO: check
+       - libsixel <unfixed>
+       NOTE: https://github.com/saitoha/libsixel/issues/165
 CVE-2022-29976 (An Authenticated Reflected Cross-site scripting at BCC 
Parameter was d ...)
-       TODO: check
+       NOT-FOR-US: MDaemon
 CVE-2022-29975 (An Authenticated Reflected Cross-site scripting at CC 
Parameter was di ...)
-       TODO: check
+       NOT-FOR-US: MDaemon
 CVE-2022-29974
        RESERVED
 CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive 
information ( ...)
@@ -461365,7 +461367,7 @@ CVE-2011-4313 (query.c in ISC BIND 9.0.x through 
9.6.x, 9.4-ESV through 9.4-ESV-
        {DSA-2347-1}
        - bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
 CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the 
commenting  ...)
-       NOT-FOR-US: Review Board
+       - reviewboard <itp> (bug #653113)
 CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access 
keys,  ...)
        NOT-FOR-US: ResourceSpace
 CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers 
to cor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c793fac0779f6f6345aaec8cda939d8f7183b2a9...15a4181615006627fceef646e332cf97ab34ea30

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c793fac0779f6f6345aaec8cda939d8f7183b2a9...15a4181615006627fceef646e332cf97ab34ea30
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to