[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 08 Sep 2022 12:44:45 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
45be27c2 by Salvatore Bonaccorso at 2022-09-08T21:44:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4029,7 +4029,7 @@ CVE-2022-38533 (In GNU Binutils before 2.40, there is a 
heap-buffer-overflow in
 CVE-2022-38532
        RESERVED
 CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are 
vulnerable to Rem ...)
-       TODO: check
+       NOT-FOR-US: FPT router
 CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to 
contain a sta ...)
        - gpac <unfixed>
        [bullseye] - gpac <no-dsa> (Minor issue)
@@ -7819,11 +7819,11 @@ CVE-2022-37148
 CVE-2022-37147
        RESERVED
 CVE-2022-37146 (The PlexTrac platform prior to version 1.28.0 allows for 
username enum ...)
-       TODO: check
+       NOT-FOR-US: PlexTrac
 CVE-2022-37145 (The PlexTrac platform prior to version 1.17.0 does not 
restrict excess ...)
-       TODO: check
+       NOT-FOR-US: PlexTrac
 CVE-2022-37144 (The PlexTrac platform prior to API version 1.17.0 does not 
restrict ex ...)
-       TODO: check
+       NOT-FOR-US: PlexTrac
 CVE-2022-37143
        RESERVED
 CVE-2022-37142
@@ -10558,9 +10558,9 @@ CVE-2022-36091
 CVE-2022-36090
        RESERVED
 CVE-2022-36089 (KubeVela is an application delivery platform Users using 
KubeVela's Ve ...)
-       TODO: check
+       NOT-FOR-US: KubeVela
 CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations 
via either ...)
-       TODO: check
+       NOT-FOR-US: GoCD
 CVE-2022-36087
        RESERVED
 CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std 
systems. Prior ...)
@@ -10574,9 +10574,9 @@ CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - 
JWA, JWS, JWE, JWT, JWK,
 CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga 
from Mang ...)
        TODO: check
 CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to 
version 1.7.1, ...)
-       TODO: check
+       NOT-FOR-US: Wikmd
 CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to 
version 1.7.1, ...)
-       TODO: check
+       NOT-FOR-US: Wikmd
 CVE-2022-36079 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. 
The vuln ...)
@@ -10602,7 +10602,7 @@ CVE-2022-36069 (Poetry is a dependency manager for 
Python. When handling depende
 CVE-2022-36068
        RESERVED
 CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)
-       TODO: check
+       NOT-FOR-US: Node vm2
 CVE-2022-36066
        RESERVED
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and 
A/B tes ...)
@@ -10614,7 +10614,7 @@ CVE-2022-36063
 CVE-2022-36062
        RESERVED
 CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network 
protocol. In ...)
-       TODO: check
+       NOT-FOR-US: Elrond go
 CVE-2022-36060
        RESERVED
 CVE-2022-36059
@@ -10629,7 +10629,7 @@ CVE-2022-36059
        NOTE: 
https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0
        NOTE: 
https://github.com/matrix-org/matrix-js-sdk/commit/8716c1ab9ba93659173b806097c46a2be115199f
 (v19.4.0)
 CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network 
protocol. In ...)
-       TODO: check
+       NOT-FOR-US: Elrond go
 CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the 
Discourse o ...)
        NOT-FOR-US: Discourse-Chat
 CVE-2022-36056
@@ -10647,7 +10647,7 @@ CVE-2022-36051 (ZITADEL combines the ease of Auth0 and 
the versatility of Keyclo
 CVE-2022-36050
        RESERVED
 CVE-2022-36049 (Flux2 is a tool for keeping Kubernetes clusters in sync with 
sources o ...)
-       TODO: check
+       NOT-FOR-US: Flux project fluxcd
 CVE-2022-36048 (Zulip is an open-source team collaboration tool with 
topic-based threa ...)
        NOT-FOR-US: Zulip
 CVE-2022-36047
@@ -11921,7 +11921,7 @@ CVE-2022-35515
 CVE-2022-35514
        RESERVED
 CVE-2022-35513 (The Blink1Control2 application &lt;= 2.2.7 uses weak password 
encrypti ...)
-       TODO: check
+       NOT-FOR-US: Blink1Control2 application
 CVE-2022-35512
        RESERVED
 CVE-2022-35511
@@ -23054,7 +23054,7 @@ CVE-2022-31416
 CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a 
SQL inje ...)
        NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31414 (D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2022-31413
        RESERVED
 CVE-2022-31412
@@ -23473,7 +23473,7 @@ CVE-2022-31248 (A Observable Response Discrepancy 
vulnerability in spacewalk-jav
 CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, 
allows any us ...)
        TODO: check
 CVE-2022-1807 (Multiple SQLi vulnerabilities in Webadmin allow for privilege 
escalati ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
rtxteam/rt ...)
        NOT-FOR-US: RTX
 CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// 
URL in the ...)
@@ -23679,9 +23679,9 @@ CVE-2022-31169 (Wasmtime is a standalone runtime for 
WebAssembly. There is a bug
 CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect 
authorizat ...)
        NOT-FOR-US: Zulip
 CVE-2022-31167 (XWiki Platform Security Parent POM contains the security APIs 
for XWik ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-31166 (XWiki Platform Old Core is a core package for XWiki Platform, 
a generi ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2022-31165
        RESERVED
 CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A 
vulnerability ...)
@@ -27006,7 +27006,7 @@ CVE-2022-30080
 CVE-2022-30079
        RESERVED
 CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through 
R6200v2-V1.0.3.12_10.1.11 a ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2022-30077
        RESERVED
 CVE-2022-30076



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45be27c28211b5a13d8fe7a5cc605a02ddab7e8c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45be27c28211b5a13d8fe7a5cc605a02ddab7e8c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to