Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9b71dbe by Salvatore Bonaccorso at 2022-08-01T22:56:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2022-2596 (Denial of Service in GitHub repository 
node-fetch/node-fetch prio
        NOTE: Introduced in: 
https://github.com/node-fetch/node-fetch/commit/2d80b0bb3fb746ff77cfe604f21ef9e47352ece0
 (v3.1.0)
        NOTE: 
https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d
 (v3.2.10)
 CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Titra
 CVE-2022-2594
        RESERVED
 CVE-2022-2593
@@ -562,7 +562,7 @@ CVE-2022-37038
 CVE-2022-2590
        RESERVED
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
beancount/ ...)
-       TODO: check
+       NOT-FOR-US: Fava
 CVE-2022-37037
        RESERVED
 CVE-2022-37036
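Review bot: On CVE-2022-2589, the NOT-FOR-US tag names Fava, but the only project identifier visible in the entry is the truncated "beancount/ ..." repository path, so a reader of the list cannot tell that this is not an issue in beancount itself. Consider adding a NOTE line under the entry stating which repository is affected, so the decision can be checked without opening the CVE record.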
@@ -2438,9 +2438,9 @@ CVE-2022-36304 (Vesta v1.0.0-5 was discovered to contain 
a cross-site scripting
 CVE-2022-36303 (Vesta v1.0.0-5 was discovered to contain a cross-site 
scripting (XSS)  ...)
        NOT-FOR-US: Vesta
 CVE-2022-36302 (File path manipulation vulnerability in BF-OS version 3.00 up 
to and i ...)
-       TODO: check
+       NOT-FOR-US: BF-OS
 CVE-2022-36301 (BF-OS version 3.x up to and including 3.83 do not enforce 
strong passw ...)
-       TODO: check
+       NOT-FOR-US: BF-OS
 CVE-2022-36300
        RESERVED
 CVE-2022-30706 (Open redirect vulnerability in Booked versions prior to 3.3 
allows a r ...)
@@ -15773,7 +15773,7 @@ CVE-2022-31150 (undici is an HTTP/1.1 client, written 
from scratch for Node.js.
 CVE-2022-31149
        RESERVED
 CVE-2022-31148 (Shopware is an open source e-commerce software. In versions 
from 5.7.0 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides 
drop-in vali ...)
        NOT-FOR-US: jquery-validation
 CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a 
bug in th ...)
@@ -15820,7 +15820,7 @@ CVE-2022-31129 (moment is a JavaScript date library for 
parsing, validating, man
        NOTE: https://github.com/moment/moment/pull/6015#issuecomment-1152961973
        NOTE: 
https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
 CVE-2022-31128 (Tuleap is a Free & Open Source Suite to improve management 
of soft ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2022-31127 (NextAuth.js is a complete open source authentication solution 
for Next ...)
        NOT-FOR-US: NextAuth.js
 CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, 
Nginx, A ...)
@@ -15866,7 +15866,7 @@ CVE-2022-31111 (Frontier is Substrate's Ethereum 
compatibility layer. In affecte
 CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In 
commits pr ...)
        NOT-FOR-US: RSSHub
 CVE-2022-31109 (laminas-diactoros is a PHP package containing implementations 
of the P ...)
-       TODO: check
+       NOT-FOR-US: laminas-diactoros
 CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool 
that uses  ...)
        - node-mermaid <unfixed> (bug #1014540)
        [bullseye] - node-mermaid <no-dsa> (Minor issue)
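Review bot: On CVE-2022-31109, laminas-diactoros is described as a PHP package, that is, a library rather than a standalone application, and NOT-FOR-US only records that the software is not packaged under that name. Libraries of this kind can be bundled inside other applications, so it would help to say in the commit message or in a NOTE whether vendored copies were looked for before the TODO was closed. The commit message "Process some NFUs" gives no indication of how each entry was checked.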



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9b71dbec37778fc5ff722655978dd1f8277e212
