[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 21 Sep 2024 11:31:10 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4a930978 by Salvatore Bonaccorso at 2024-09-21T20:30:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119269,7 +119269,7 @@ CVE-2023-27585 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
        NOTE: 
https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
 CVE-2023-27584 (Dragonfly is an open source P2P-based file distribution and 
image acce ...)
-       TODO: check
+       NOT-FOR-US: Dragonfly
 CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior 
to versi ...)
        NOT-FOR-US: PanIndex
 CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with 
version 0 ...)
@@ -138979,7 +138979,7 @@ CVE-2022-4535
 CVE-2022-4534
        RESERVED
 CVE-2022-4533 (The Limit Login Attempts Plus plugin for WordPress is 
vulnerable to IP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress 
is vuln ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4531
@@ -204081,13 +204081,13 @@ CVE-2022-25779 (Logging of Excessive Data 
vulnerability in audit log of Secomea
 CVE-2022-25778 (Cross-Site Request Forgery (CSRF) vulnerability in Web UI of 
Secomea G ...)
        NOT-FOR-US: Secomea
 CVE-2022-25777 (Prior to the patched version, an authenticated user of Mautic 
could re ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25776 (Prior to the patched version, logged in users of Mautic are 
able to ac ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25775 (Prior to the patched version, logged in users of Mautic are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25773
        RESERVED
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking 
compone ...)
@@ -204095,11 +204095,11 @@ CVE-2022-25772 (A cross-site scripting (XSS) 
vulnerability in the web tracking c
 CVE-2022-25771
        RESERVED
 CVE-2022-25770 (Mautic allows you to update the application via an upgrade 
script.  Th ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25769 (ImpactThe default .htaccess file has some restrictions in the 
access t ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25768 (The logic in place to facilitate the update process via the 
user inter ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request 
validation o ...)
        {DSA-5206-1 DLA-3279-1}
        - trafficserver 9.1.3+ds-1
@@ -269151,11 +269151,11 @@ CVE-2021-3420 (A flaw was found in newlib in 
versions prior to 4.0.0. Improper o
        NOTE: Fix in picolibc: 
https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
        NOTE: 
https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
 CVE-2021-27917 (Prior to this patch, a stored XSS vulnerability existed in the 
contact ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27916 (Prior to the patched version, logged in users of Mautic are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27915 (Prior to the patched version, there is an XSS vulnerability in 
the des ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27914 (A cross-site scripting (XSS) vulnerability in the installer 
component  ...)
        NOT-FOR-US: installer component of Mautic
 CVE-2021-27913 (The function mt_rand is used to generate session tokens, this 
function ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a9309788ef83470a55a184f706974f20267924e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a9309788ef83470a55a184f706974f20267924e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to