[Git][security-tracker-team/security-tracker][master] Update notes for furnace CVEs

Sat, 19 Oct 2024 08:06:04 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c2a5942 by Salvatore Bonaccorso at 2024-10-19T16:27:26+02:00
Update notes for furnace CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -201066,7 +201066,9 @@ CVE-2022-1291 (XSS vulnerability with default 
`onCellHtmlData` function in GitHu
 CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub 
repository polo ...)
        NOT-FOR-US: Trudesk
 CVE-2022-1289 (A denial of service vulnerability was found in tildearrow 
Furnace. It  ...)
-       - furnace <not-affected> (Fixed before initial upload)
+       - furnace <not-affected> (No Debian released version affected by 
CVE-2022-1211)
+       NOTE: CVE assigned for incomple fix for CVE-2022-1211.
+       NOTE: 
https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655
 CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an 
attacke ...)
        - apache-jena 4.5.0-1 (bug #1014982)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
@@ -202421,6 +202423,7 @@ CVE-2022-28378 (Craft CMS before 3.7.29 allows XSS.)
        NOT-FOR-US: Craft CMS
 CVE-2022-1211 (A vulnerability classified as critical has been found in 
tildearrow Fu ...)
        - furnace <not-affected> (Fixed before initial upload)
+       NOTE: https://github.com/tildearrow/furnace/issues/325
 CVE-2022-28377 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and 
OutDoorUnit ...)
        NOT-FOR-US: Verizon
 CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 
allow anyon ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2a5942835544f8861a5ae6a1f460c182c0ba2c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2a5942835544f8861a5ae6a1f460c182c0ba2c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to