Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0118c06 by Salvatore Bonaccorso at 2022-07-11T21:37:32+02:00
Process some NFUs

- - - - -
c729c039 by Salvatore Bonaccorso at 2022-07-11T21:37:33+02:00
Add CVE-2022-33980/commons-configuration2

- - - - -
f71e4e3b by Salvatore Bonaccorso at 2022-07-11T21:37:35+02:00
Add CVE-2022-32061/snipe-it

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2441,7 +2441,7 @@ CVE-2022-30692
 CVE-2022-29514
        RESERVED
 CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior 
to 2.4.2 ...)
-       TODO: check
+       NOT-FOR-US: LiteCart
 CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management 
System  ...)
        NOT-FOR-US: SourceCodester Library Management System
 CVE-2022-2213 (A vulnerability was found in SourceCodester Library Management 
System  ...)
@@ -4191,7 +4191,8 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux 
kernel before 5.17.6 is vuln
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
        NOTE: 
https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
 CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, 
allowing ...)
-       TODO: check
+       - commons-configuration2 <unfixed>
+       NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
        - vim <unfixed>
        [stretch] - vim <postponed> (Minor issue)
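Review bot: The new CVE-2022-33980 entry records "- commons-configuration2 <unfixed>" with only the oss-security post as a reference, so nothing in the entry says which upstream release or commit carries the fix. The CVE-2022-33981 entry directly above has a NOTE with the fixing commit and the version it landed in; an equivalent NOTE here, once the upstream fix is identified, would give the <unfixed> marker a concrete version to be resolved against.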
@@ -7472,7 +7473,7 @@ CVE-2022-32569
 CVE-2022-32568
        RESERVED
 CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for 
Atlassian Jir ...)
-       TODO: check
+       NOT-FOR-US: Appfire Jira Misc Custom Fields (JMCF) app
 CVE-2022-32566
        RESERVED
 CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The 
Backup S ...)
@@ -7926,7 +7927,7 @@ CVE-2022-32443
 CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting 
(XSS). When  ...)
        NOT-FOR-US: u5cms
 CVE-2022-32441 (A memory corruption in Hex Rays Ida Pro v6.6 allows attackers 
to cause ...)
-       TODO: check
+       NOT-FOR-US: Hex Rays Ida Pro
 CVE-2022-32440
        RESERVED
 CVE-2022-32439
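Review bot: The tag added for CVE-2022-32441 reads "NOT-FOR-US: Hex Rays Ida Pro", which copies the capitalization of the CVE description; the vendor is written "Hex-Rays" and the product "IDA Pro". Suggest "NOT-FOR-US: Hex-Rays IDA Pro" so that a search of the list for the product name finds this entry.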
@@ -8218,7 +8219,7 @@ CVE-2022-32297
 CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the 
Altra re ...)
        NOT-FOR-US: Ampere devices
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the 
initial-l ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2022-32293
        RESERVED
 CVE-2022-32292
@@ -8491,13 +8492,13 @@ CVE-2022-1986 (OS Command Injection in GitHub 
repository gogs/gogs prior to 0.12
 CVE-2022-32234
        RESERVED
 CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of 
Cybozu Garoon ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2022-30602 (Operation restriction bypass in multiple applications of 
Cybozu Garoon ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2022-29926
        RESERVED
 CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor 
issue in mu ...)
-       TODO: check
+       NOT-FOR-US: Cybozu
 CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to 
reflected C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1984
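Review bot: All three tags added in this hunk read "NOT-FOR-US: Cybozu", naming the vendor, while the descriptions of CVE-2022-30943 and CVE-2022-30602 name the product as Cybozu Garoon. Other tags visible in this diff name the product (for example "NOT-FOR-US: SourceCodester Library Management System"), so "NOT-FOR-US: Cybozu Garoon" would be more consistent. The description shown for CVE-2022-29512 is cut off before any product name, so the product for that entry should be confirmed before it shares the tag.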
@@ -9043,7 +9044,7 @@ CVE-2022-32063
 CVE-2022-32062
        RESERVED
 CVE-2022-32061 (An arbitrary file upload vulnerability in the Select User 
function und ...)
-       TODO: check
+       - snipe-it <itp> (bug #1005172)
 CVE-2022-32060 (An arbitrary file upload vulnerability in the Update Branding 
Settings ...)
        - snipe-it <itp> (bug #1005172)
 CVE-2022-32059



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b3e374505c297f9ac83178fa1db2d60f833d287...f71e4e3bd346cb01a2be751d9c51fa5290be7023

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits