Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84bffc47 by Moritz Muehlenhoff at 2022-08-22T12:04:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -604,7 +604,7 @@ CVE-2022-2888
 CVE-2022-2887
        RESERVED
 CVE-2022-2886 (A vulnerability, which was classified as critical, was found in 
Larave ...)
-       TODO: check
+       NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
        NOT-FOR-US: yetiforcecrm
 CVE-2022-38396
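Review bot: CVE-2022-2886 is left with only a NOTE and no status line, so once the TODO is removed nothing in the entry shows whether it still needs triage. "Additional misreport" refers to an earlier case that the entry does not name; suggest citing the related CVE id or the upstream statement in the NOTE, and keeping a TODO or recording a status until the rejection actually happens. The commit subject "NFUs" does not describe this change either.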
@@ -1138,9 +1138,9 @@ CVE-2022-38236 (XPDF commit ffaf11c was discovered to 
contain a global-buffer ov
 CVE-2022-38235 (XPDF commit ffaf11c was discovered to contain a segmentation 
violation ...)
        - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38234 (XPDF commit ffaf11c was discovered to contain a segmentation 
violation ...)
-       TODO: check
+       - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38233 (XPDF commit ffaf11c was discovered to contain a segmentation 
violation ...)
-       TODO: check
+       - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38232
        RESERVED
 CVE-2022-38231 (XPDF commit ffaf11c was discovered to contain a heap-buffer 
overflow v ...)
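Review bot: the two added lines for CVE-2022-38234 and CVE-2022-38233 are xpdf <not-affected> decisions, not NOT-FOR-US entries, so the subject "NFUs" does not cover them; something like "NFUs, xpdf triage" would make the change findable in the log. The reason text matches the CVE-2022-38235 line above, which is consistent, but neither entry carries a NOTE pointing at the upstream report, so the basis for the decision cannot be rechecked from the list alone.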
@@ -1165,7 +1165,7 @@ CVE-2022-38223 (There is an out-of-bounds write in 
checkType located in etc.c in
        [buster] - w3m <no-dsa> (Minor issue)
        NOTE: https://github.com/tats/w3m/issues/242
 CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() 
located in JBI ...)
-       TODO: check
+       - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle 
Evrima (the d ...)
        NOT-FOR-US: The Isle Evrima
 CVE-2022-38220
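Review bot: for CVE-2022-38222 the description names a specific function, JBIG2Stream::close(), but the added line reuses the generic reason "Debian uses poppler, which is not affected" without recording that the corresponding poppler code was examined. A short NOTE saying what was checked, in the style of the NOTE line on the w3m entry just above, would let a later reader verify the call.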
@@ -6753,7 +6753,7 @@ CVE-2022-36010 (This library allows strings to be parsed 
as functions and stored
 CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol 
federation. Dend ...)
        NOT-FOR-US: gomatrixserverlib
 CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A 
security issue ...)
-       TODO: check
+       NOT-FOR-US: Frontier
 CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with 
excellent Jav ...)
        NOT-FOR-US: Venice
 CVE-2022-36006 (Arvados is an open source platform for managing, processing, 
and shari ...)
@@ -7878,7 +7878,7 @@ CVE-2022-35542
 CVE-2022-35541
        RESERVED
 CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig &lt;1.6.8 Server allows 
remote att ...)
-       TODO: check
+       NOT-FOR-US: AgileConfig
 CVE-2022-35539
        RESERVED
 CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 
wireless.cgi has  ...)
@@ -30394,7 +30394,7 @@ CVE-2022-26070 (When handling a mismatched 
pre-authentication cookie, the applic
 CVE-2022-26024
        RESERVED
 CVE-2022-26017 (Improper access control in the Intel(R) DSA software for 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter 
Group Eve ...)
        NOT-FOR-US: Intel
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and 
Webadmin ...)
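Review bot: "NOT-FOR-US: Intel" on CVE-2022-26017 names a vendor rather than a product, while the description identifies the Intel(R) DSA software. It matches the CVE-2022-25841 line below, so it is consistent with the file, but naming the product (for example "NOT-FOR-US: Intel DSA") would keep the entry meaningful when it is searched on its own.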
@@ -31101,7 +31101,7 @@ CVE-2022-1023 (The Podcast Importer SecondLine 
WordPress plugin before 1.3.8 doe
 CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
        NOT-FOR-US: chatwoot
 CVE-2022-1021 (Insecure Storage of Sensitive Information in GitHub repository 
chatwoo ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has 
a buffer ...)
@@ -38728,7 +38728,7 @@ CVE-2022-0543 (It was discovered, that redis, a 
persistent key-value database, d
        [stretch] - redis <not-affected> (Lua support plus packaging issue 
introduced later)
        NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
 CVE-2022-0542 (Cross-site Scripting (XSS) - DOM in GitHub repository 
chatwoot/chatwoo ...)
-       TODO: check
+       NOT-FOR-US: chatwoot
 CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into 
wp-conf ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated 
attack ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84bffc47b1a833d81188d8a0fb157bd06df08daf
