Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dbc98a9a by Salvatore Bonaccorso at 2022-10-27T22:12:19+02:00
Process some NFUs
- - - - -
5b8aef77 by Salvatore Bonaccorso at 2022-10-27T22:12:20+02:00
Add CVE-2022-3363/rdiffweb
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5175,7 +5175,7 @@ CVE-2022-41986 (Information disclosure vulnerability in
Android App 'IIJ SmartKe
CVE-2022-41814
RESERVED
CVE-2022-41796 (Untrusted search path vulnerability in the installer of
Content Transf ...)
- TODO: check
+ NOT-FOR-US: installer of Content Transfer (for Windows)
CVE-2022-41789
RESERVED
CVE-2022-41611
@@ -6607,7 +6607,7 @@ CVE-2022-3365
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb
prior to 2 ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-3362
RESERVED
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux
kernel th ...)
@@ -6680,7 +6680,7 @@ CVE-2022-40967
CVE-2022-40965
RESERVED
CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in
AliveCor Ka ...)
- TODO: check
+ NOT-FOR-US: AliveCor Kardia App
CVE-2022-40204
RESERVED
CVE-2022-40202
@@ -6869,7 +6869,7 @@ CVE-2022-41713
CVE-2022-41712
RESERVED
CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker
to exec ...)
- TODO: check
+ NOT-FOR-US: Badaso
CVE-2022-41710
RESERVED
CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to
execute arbit ...)
@@ -10482,7 +10482,7 @@ CVE-2022-40240
CVE-2022-40239
RESERVED
CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software
prior to ...)
- TODO: check
+ NOT-FOR-US: CERT software
CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw
may occ ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341
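Review bot: The tag added for CVE-2022-40238, "NOT-FOR-US: CERT software", only repeats the generic phrase from the truncated description and does not say which vendor or product is meant, which makes it hard to match against later entries for the same software. Consider naming the vendor or product from the full CVE description in the tag.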
@@ -12494,15 +12494,15 @@ CVE-2022-39357 (Winter is a free, open-source content
management system based on
CVE-2022-39356
RESERVED
CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse
Groups and ...)
- TODO: check
+ NOT-FOR-US: Discourse Patreon
CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of
Ethereum Virtu ...)
- TODO: check
+ NOT-FOR-US: Rust crate evm
CVE-2022-39353
RESERVED
CVE-2022-39352
RESERVED
CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows
organiza ...)
- TODO: check
+ NOT-FOR-US: Dependency-Track
CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA)
used in D ...)
TODO: check
CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do
lists and re ...)
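Review bot: CVE-2022-39350 (@dependencytrack/frontend) in the trailing context still reads "TODO: check", although CVE-2022-39351 directly above it is now tagged "NOT-FOR-US: Dependency-Track". If the frontend belongs to the same project and is likewise not packaged, triage it in the same pass with the same tag so the two entries stay in step; otherwise a short NOTE line saying why it remains open would help.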
@@ -12520,11 +12520,11 @@ CVE-2022-39344
CVE-2022-39343
RESERVED
CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior
to versi ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior
to versi ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to
version 0.2.4, ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-39339
RESERVED
CVE-2022-39338
@@ -13780,7 +13780,7 @@ CVE-2022-38872
CVE-2022-38871
RESERVED
CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2022-38869
RESERVED
CVE-2022-38868
@@ -16119,7 +16119,7 @@ CVE-2022-2784
CVE-2022-2783 (In affected versions of Octopus Server it was identified that a
sessio ...)
NOT-FOR-US: Octopus
CVE-2022-2782 (In affected versions of Octopus Server it is possible for a
session to ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2781 (In affected versions of Octopus Server it was identified that
the same ...)
NOT-FOR-US: Octopus
CVE-2022-2780 (In affected versions of Octopus Server it is possible to use
the Git C ...)
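Review bot: CVE-2022-2782 is tagged "NOT-FOR-US: Octopus Server" while its neighbours CVE-2022-2783 and CVE-2022-2781 in the same hunk use "NOT-FOR-US: Octopus". Use one spelling for the product, for example by changing the added line to "NOT-FOR-US: Octopus", so that a search on the tag finds every entry for it.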
@@ -18616,7 +18616,7 @@ CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL
Injection. ...)
CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These
interfaces do n ...)
NOT-FOR-US: JFinal CMS
CVE-2022-37202 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via
/admin/advicefeedb ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...)
NOT-FOR-US: JFinal CMS
CVE-2022-37200
@@ -20355,13 +20355,13 @@ CVE-2022-36456 (TOTOLink A720R V4.1.5cu.532_B20210610
was discovered to contain
CVE-2022-36455 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to
contain a co ...)
NOT-FOR-US: TOTOLINK
CVE-2022-36454 (A vulnerability in the MiCollab Client API of Mitel MiCollab
through 9 ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36453 (A vulnerability in the MiCollab Client API of Mitel MiCollab
9.1.3 thr ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36452 (A vulnerability in the web conferencing component of Mitel
MiCollab th ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36451 (A vulnerability in the MiCollab Client server component of
Mitel MiCol ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows
obsidian://hook-get-ad ...)
NOT-FOR-US: Obsidian
CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A
non-privi ...)
@@ -20667,7 +20667,7 @@ CVE-2022-2509 (A vulnerability found in gnutls. This
security flaw happens becau
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
NOTE:
https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal
the ex ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2507
RESERVED
CVE-2022-2506
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42fcc87f70d5d8f0497393cab5202f50747942d0...5b8aef77443a688fef4d7b48a10b421b391d6cf0