[Git][security-tracker-team/security-tracker][master] new bwm-ng non issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Apr 20 12:42:40 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc57db97 by Moritz Muehlenhoff at 2022-04-20T13:35:20+02:00
new bwm-ng non issue
new gitlab issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -292,9 +292,9 @@ CVE-2022-1386
CVE-2022-29405
RESERVED
CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9
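Review bot: The two added "- mattermost-server <itp> (bug #823556)" entries for CVE-2022-1385 and CVE-2022-1384 are not covered by the commit message, which lists only the bwm-ng non-issue, the gitlab issue and NFUs. Adding a line for the Mattermost ITP entries would let the log account for every kind of change made to data/CVE/list.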
@@ -488,7 +488,7 @@ CVE-2022-29317
CVE-2022-29316
RESERVED
CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the Description fi ...)
- TODO: check
+ NOT-FOR-US: Invicti Acunetix
CVE-2022-29314
RESERVED
CVE-2022-29313
@@ -556,7 +556,7 @@ CVE-2022-29283
CVE-2022-29282
RESERVED
CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of ...)
- TODO: check
+ NOT-FOR-US: Notable
CVE-2022-29280
RESERVED
CVE-2022-29279
@@ -618,7 +618,7 @@ CVE-2022-1367
CVE-2022-1366
RESERVED
CVE-2022-1365 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
- TODO: check
+ NOT-FOR-US: lquixada/cross-fetch
CVE-2022-29265
RESERVED
CVE-2022-1364
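Review bot: The label in "NOT-FOR-US: lquixada/cross-fetch" for CVE-2022-1365 is written in owner/repository form, while the other NFU entries in this commit name the product ("Invicti Acunetix", "Notable", "Node npm-dependency-versions"). Naming the product here as well would keep the NOT-FOR-US labels searchable in one style.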
@@ -891,7 +891,10 @@ CVE-2022-1343
CVE-2022-1342
RESERVED
CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...)
- TODO: check
+ - bwm-ng <unfixed> (unimportant)
+ NOTE: https://github.com/vgropp/bwm-ng/issues/26
+ NOTE: https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17
+ NOTE: No security impact
CVE-2022-1340
RESERVED
CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
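Review bot: On CVE-2022-1341, the added "NOTE: No security impact" records the verdict behind "(unimportant)" but not the reason, while the CVE description in the context line speaks of an arbitrary null write. A short rationale in that NOTE would let later triagers confirm the classification without rereading the upstream issue. The NOTE with the commit URL also does not say what the commit is; if it is the upstream fix, mark it as such (for example with a "Fixed by:" prefix).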
@@ -1084,7 +1087,7 @@ CVE-2022-1331
CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
TODO: check
CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions starting f ...)
- mutt 2.2.3-1 (bug #1009734)
- neomutt <unfixed> (bug #1009735)
@@ -1110,7 +1113,7 @@ CVE-2022-1320
CVE-2022-29081
RESERVED
CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...)
- TODO: check
+ NOT-FOR-US: Node npm-dependency-versions
CVE-2022-29079
RESERVED
CVE-2022-29078
@@ -3198,7 +3201,7 @@ CVE-2022-1195
CVE-2022-1194
RESERVED
CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-1192
RESERVED
CVE-2021-46779
@@ -3396,15 +3399,15 @@ CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive information ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated admin user ...)
NOT-FOR-US: Tekon KIO devices
CVE-2022-28222 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-28220
RESERVED
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
@@ -3862,7 +3865,7 @@ CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab
CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...)
- gitlab <unfixed>
CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1118
RESERVED
CVE-2022-1117
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc57db970776ac0a798e8b57009197bb2bb22a4b