Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
85f52065 by Salvatore Bonaccorso at 2022-12-09T10:51:52+01:00
Reassociate some NFUs with traefik, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22925,7 +22925,7 @@ CVE-2022-39273 (FlyteAdmin is the control plane for the 
data processing platform
 CVE-2022-39272 (Flux is an open and extensible continuous delivery solution 
for Kubern ...)
        NOT-FOR-US: Flux
 CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy 
and load b ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table 
of cont ...)
        NOT-FOR-US: DiscoTOC Discourse theme
 CVE-2022-39269 (PJSIP is a free and open source multimedia communication 
library writt ...)
@@ -68617,7 +68617,7 @@ CVE-2022-23633 (Action Pack is a framework for handling 
and responding to web re
        NOTE: Fixed by: 
https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 
(v5.2.6.1)
        NOTE: Followup: 
https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 
(v5.2.6.2)
 CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
version 2 ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be 
serialize ...)
        NOT-FOR-US: superjson
 CVE-2022-23630 (Gradle is a build tool with a focus on build automation and 
support fo ...)
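Review bot: the new `- traefik <itp> (bug #983289)` line for CVE-2022-23632 carries no reference to the upstream fix, while the CVE-2022-23633 entry just above it records `NOTE: Fixed by:` and `NOTE: Followup:` commit links with versions. The description is cut off at "Prior to version 2 ...", so the fixed version cannot be read from the list; adding a NOTE with the upstream advisory or fix commit would let whoever resolves the ITP set a fixed version without redoing the research.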
@@ -112732,7 +112732,7 @@ CVE-2021-32815 (Exiv2 is a command-line utility and 
C++ library for reading, wri
 CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. 
Version ...)
        NOT-FOR-US: Skytable
 CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
version 2 ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps 
(iOS and A ...)
        NOT-FOR-US: Monkshu
 CVE-2021-32811 (Zope is an open-source web application server. Zope versions 
prior to  ...)
@@ -127049,7 +127049,7 @@ CVE-2021-27377 (An issue was discovered in the 
yottadb crate before 1.2.0 for Ru
 CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 
for Rust. ...)
        NOT-FOR-US: Rust crate nb-connect
 CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements 
from other  ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 
before p ...)
        NOT-FOR-US: VertiGIS WebOffice
 CVE-2021-27373
@@ -185802,7 +185802,7 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a 
thumbnail size range check. This
 CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for 
Android,  ...)
        NOT-FOR-US: DuckDuckGo application for Android and iOS
 CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions 
to proce ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 
2nd genera ...)
        NOT-FOR-US: Smarter Coffee Maker
 CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 
3.0.0. T ...)
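Review bot: CVE-2019-20894 is listed between CVE-2020-15502 and CVE-2020-15501, outside the 2019 block, so a per-year pass over the list would not have reached it. Nothing to change in this line, but the check that no Traefik entry is still marked NOT-FOR-US should be a search over the whole of data/CVE/list rather than by ID range.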
@@ -186741,7 +186741,7 @@ CVE-2020-15131 (In SLP Validate (npm package 
slp-validate) before version 1.2.2,
 CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a 
vulnera ...)
        NOT-FOR-US: Node slpjs
 CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there 
exists  ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values 
were not ...)
        NOT-FOR-US: October CMS
 CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 
1.7.0,  ...)
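Review bot: the CVE-2020-15129 description names three upstream fix points (1.7.26, 2.2.8 and 2.3.0-rc3), and the `<itp>` line records none of them. Which one applies depends on the branch that is eventually uploaded under bug #983289; a NOTE listing the per-branch fixed versions would make the later switch from `<itp>` to a fixed version mechanical.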
@@ -203740,7 +203740,7 @@ CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows 
Unauthenticated File and Direct
 CVE-2020-9322
        RESERVED
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and 
TraefikEE 2.0. ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2020-9320 (** DISPUTED ** Avira AV Engine before 8.3.54.138 allows 
virus-detectio ...)
        NOT-FOR-US: Avira
 CVE-2020-9319
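Review bot: the CVE-2020-9321 description covers both "Traefik 2.x before 2.1.4" and TraefikEE, but the replacement line tracks only the traefik source package. If TraefikEE is not part of the ITP, a short NOTE saying that only the open-source Traefik is tracked here would prevent the entry being read as covering both products.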
@@ -249394,7 +249394,7 @@ CVE-2019-12454 (** DISPUTED ** An issue was 
discovered in wcd9335_codec_enable_d
 CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is 
possible in t ...)
        NOT-FOR-US: MicroStrategy Web
 CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, 
when the -- ...)
-       NOT-FOR-US: Containous Traefik
+       - traefik <itp> (bug #983289)
 CVE-2019-12451
        RESERVED
 CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) 
before 2.60.0 ...)
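Review bot: the removed line here reads `NOT-FOR-US: Containous Traefik`, where every other hunk removes `NOT-FOR-US: Traefik`. The commit message says "some NFUs", so it is worth confirming with a case-insensitive search for "traefik" on NOT-FOR-US lines that no other vendor-prefixed or differently spelled entry was left behind.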
@@ -295391,7 +295391,7 @@ CVE-2018-15599 (The recv_msg_userauth_request 
function in svr-auth.c in Dropbear
        NOTE: 
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
        NOTE: https://hg.ucc.asn.au/dropbear/rev/5d2d1021ca00
 CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, 
exposes the ...)
-       NOT-FOR-US: Traefik
+       - traefik <itp> (bug #983289)
 CVE-2018-15597
        RESERVED
 CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in 
MyBB 1.8.17 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85f520653ec9fc3bdba4b3d410ed3b5c5cb707ac



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
