[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri, 05 Aug 2022 02:34:47 -0700 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
83a81e98 by Neil Williams at 2022-08-05T10:29:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3756,9 +3756,9 @@ CVE-2022-35932
 CVE-2022-35931
        RESERVED
 CVE-2022-35930 (PolicyController is a utility used to enforce supply chain 
policy in K ...)
-       TODO: check
+       NOT-FOR-US: sigstore/policy-controller
 CVE-2022-35929 (cosign is a container signing and verification utility. In 
versions pr ...)
-       TODO: check
+       NOT-FOR-US: Cosign
 CVE-2022-35928 (AES Crypt is a file encryption software for multiple 
platforms. AES Cr ...)
        NOT-FOR-US: AES Crypt
 CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system 
for IoT  ...)
@@ -3995,7 +3995,7 @@ CVE-2022-35860
 CVE-2022-35859
        RESERVED
 CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions 
in Sams ...)
-       TODO: check
+       NOT-FOR-US: Samsung mTower
 CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to 
execute arbitr ...)
        NOT-FOR-US: kvf-admin
 CVE-2022-35856
@@ -5976,7 +5976,7 @@ CVE-2022-34994
 CVE-2022-34993 (Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a 
hard code  ...)
        NOT-FOR-US: Totolink
 CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow 
via the ...)
-       TODO: check
+       NOT-FOR-US: viruscamp/luadec
 CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected 
cross-site  ...)
        NOT-FOR-US: Paymoney
 CVE-2022-34990
@@ -6020,7 +6020,7 @@ CVE-2022-34972 (So Filter Shop v3.x was discovered to 
contain multiple blind SQL
 CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising 
Management m ...)
        NOT-FOR-US: Feehi CMS
 CVE-2022-34970 (Crow before v1.0+4 was discovered to contain a buffer overflow 
via the ...)
-       TODO: check
+       NOT-FOR-US: CrowCpp
 CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer 
dereferen ...)
        NOT-FOR-US: pingcap/tidb
 CVE-2022-34968 (An issue in the fetch_step function in Percona Server for 
MySQL v8.0.2 ...)
@@ -16264,7 +16264,7 @@ CVE-2022-31177 (Flask-AppBuilder is an application 
development framework built o
 CVE-2022-31176
        RESERVED
 CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site 
scripting vu ...)
-       TODO: check
+       NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5 
packages
 CVE-2022-31174
        RESERVED
 CVE-2022-31173 (Juniper is a GraphQL server library for Rust. Affected 
versions of Jun ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a81e989f1269384e7781d719eb53f5210169eb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a81e989f1269384e7781d719eb53f5210169eb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to