Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a7eba22 by Moritz Muehlenhoff at 2023-08-25T11:49:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2023-34972 (A cleartext transmission of sensitive 
information vulnerability
 CVE-2023-34971 (An inadequate encryption strength vulnerability has been 
reported to a ...)
        NOT-FOR-US: QNAP
 CVE-2023-34040 (In Spring for Apache Kafka 3.0.9 and earlier and versions 
2.9.10 and e ...)
-       - kafka <itp> (bug #786460)
+       NOT-FOR-US: Spring for Kafka
 CVE-2023-32516 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
GloriaFo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-32511 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Booking  ...)
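Review bot: the new tag on CVE-2023-34040 reads "Spring for Kafka" while the description names "Spring for Apache Kafka", and the line it replaces pointed at the kafka ITP (bug #786460). Using the full product name in the tag would make it clear to anyone searching the list that this is the Spring project and not the package behind that ITP.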
@@ -128,9 +128,9 @@ CVE-2023-40273 (The session fixation vulnerability allowed 
the authenticated use
 CVE-2023-40270
        REJECTED
 CVE-2023-40185 (shescape is simple shell escape library for JavaScript. This 
may impac ...)
-       TODO: check
+       NOT-FOR-US: Node shescape
 CVE-2023-40178 (Node-SAML is a SAML library not dependent on any frameworks 
that runs  ...)
-       TODO: check
+       NOT-FOR-US: Node saml
 CVE-2023-40177 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2023-40176 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
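Review bot: the tag for CVE-2023-40178 is written "Node saml" although the description spells the project "Node-SAML". Keeping the upstream spelling ("NOT-FOR-US: Node-SAML") makes the entry findable with the same search string as the description. The shescape tag in the same hunk already matches its description.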
@@ -402,7 +402,7 @@ CVE-2022-48547 (A reflected cross-site scripting (XSS) 
vulnerability in Cacti 0.
        NOTE: Fixed by: 
https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b 
(0.8.7h)
        NOTE: Duplicate CVE assignment for CVE-2021-26247
 CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause 
denial of s ...)
-       TODO: check
+       - xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows 
remote att ...)
        - imagemagick 8:6.9.11.57+dfsg-1
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889
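Review bot: the not-affected reason on CVE-2022-48545 ("Debian uses poppler, which is not affected") states a conclusion about poppler without a reference, and the entry carries no line for poppler itself. A NOTE pointing at whatever shows poppler's Catalog::findDestInTree is unaffected, or an explicit "- poppler <not-affected>" line, would let a later reader verify the triage instead of taking it on trust.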
@@ -22255,7 +22255,7 @@ CVE-2023-1411
 CVE-2023-1410 (Grafana is an open-source platform for monitoring and 
observability.   ...)
        - grafana <removed>
 CVE-2023-1409 (If the MongoDB Server running on Windows or macOS is configured 
to use ...)
-       TODO: check
+       - mongodb <not-affected> (Only applies to MacOS and Windows)
 CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an 
invalid kfr ...)
        - linux 6.3.7-1 (unimportant)
        [bookworm] - linux 6.1.37-1
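Review bot: minor style point on the mongodb line for CVE-2023-1409: the reason says "MacOS" where the description above it says "macOS". Matching the description's spelling keeps the reason text consistent with the CVE wording.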
@@ -111382,7 +111382,7 @@ CVE-2022-25026 (A Server-Side Request Forgery (SSRF) 
in Rocket TRUfusion Portal
 CVE-2022-25025
        RESERVED
 CVE-2022-25024 (The json2xml package through 3.12.0 for Python allows an error 
in type ...)
-       TODO: check
+       NOT-FOR-US: json2xml
 CVE-2022-25023 (Audio File commit 004065d was discovered to contain a 
heap-buffer over ...)
        NOT-FOR-US: AudioFile (different from src:audiofile)
 CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 
allows atta ...)
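Review bot: "NOT-FOR-US: json2xml" for CVE-2022-25024 gives no hint of the ecosystem, while the next entry disambiguates with "AudioFile (different from src:audiofile)" and this same commit uses "Node shescape". Since the description calls it a package for Python, "NOT-FOR-US: Python json2xml" would follow that pattern and rule out confusion with any similarly named tool.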
@@ -133554,7 +133554,7 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 
happily processes a chain
 CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the 
Ignition ...)
        NOT-FOR-US: coreos-installer
 CVE-2021-43171 (Improper verification of applications' cryptographic 
signatures in the ...)
-       TODO: check
+       NOT-FOR-US: App Lounge
 CVE-2021-43170
        RESERVED
 CVE-2021-43169
@@ -210932,7 +210932,7 @@ CVE-2020-25889 (Online Bus Booking System Project 
Using PHP/MySQL version 1.0 ha
 CVE-2020-25888
        RESERVED
 CVE-2020-25887 (Buffer overflow in mg_resolve_from_hosts_file in Mongoose 
6.18, when r ...)
-       TODO: check
+       NOT-FOR-US: Cesenta Mongoose
 CVE-2020-25886
        RESERVED
 CVE-2020-25885
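Review bot: typo in the added tag for CVE-2020-25887: the vendor of the Mongoose networking library is spelled "Cesanta", not "Cesenta". Since NOT-FOR-US strings are matched by text search when later CVEs for the same product are triaged, this should read "NOT-FOR-US: Cesanta Mongoose".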
@@ -220593,7 +220593,7 @@ CVE-2020-21701
 CVE-2020-21700
        RESERVED
 CVE-2020-21699 (The web server Tengine 2.2.2 developed in the Nginx version 
from 0.5.6 ...)
-       TODO: check
+       NOT-FOR-US: Tengine
 CVE-2020-21698
        RESERVED
 CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in 
libavfo ...)
@@ -223939,7 +223939,6 @@ CVE-2020-20146
        RESERVED
 CVE-2020-20145
        REJECTED
-       TODO: check
 CVE-2020-20144
        RESERVED
 CVE-2020-20143
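Review bot: dropping the stray "TODO: check" under the REJECTED CVE-2020-20145 is fine, but the commit message "NFUs" covers neither this cleanup nor the two <not-affected> entries (xpdf, mongodb) added earlier in the patch. A message along the lines of "NFUs, two not-affected, drop TODO on rejected CVE" would make the history searchable for those changes.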



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a7eba2264f5f44ad5899ee8680c82ea99dacbc1
