[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu Apr 21 09:08:00 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df0de439 by Neil Williams at 2022-04-21T09:07:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2182,7 +2182,7 @@ CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prio
 CVE-2022-1255
 	RESERVED
 CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...)
-	TODO: check
+	NOT-FOR-US: Skyhigh SWG
 CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
 	- libde265 <unfixed>
 	[stretch] - libde265 <no-dsa> (Minor issue)
@@ -12814,7 +12814,7 @@ CVE-2022-24834
 CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone where the  ...)
 	TODO: check
 CVE-2022-24832 (GoCD is an open source a continuous delivery server. The bundled gocd- ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2022-24831
 	RESERVED
 CVE-2022-24830
@@ -12826,7 +12826,7 @@ CVE-2022-24828 (Composer is a dependency manager for the PHP programming languag
 CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web  ...)
 	TODO: check
 CVE-2022-24826 (On Windows, if Git LFS operates on a malicious repository with a `..ex ...)
-	TODO: check
+	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
 CVE-2022-24825 (Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The pr ...)
 	TODO: check
 CVE-2022-24824 (Discourse is an open source platform for community discussion. In affe ...)
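Review bot: On the CVE-2022-24826 entry, the NOT-FOR-US label names Git-for-Windows, but the description on the line above it names Git LFS as the component, and git-lfs is packaged in Debian. NOT-FOR-US says that nothing in the archive ships the code. If the flaw is in Git LFS and only reachable on Windows, a package entry such as `- git-lfs <not-affected> (Windows-specific)` records that more accurately and keeps the CVE tied to the source package.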
@@ -13372,7 +13372,7 @@ CVE-2022-0542
 CVE-2022-0541
 	RESERVED
 CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)
-	TODO: check
+	NOT-FOR-US: Jira Seraph
 CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
 	NOT-FOR-US: beanstalk_console
 CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
@@ -15382,7 +15382,7 @@ CVE-2022-22987 (The affected product has a hardcoded private key available insid
 CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission of cr ...)
 	NOT-FOR-US: GE
 CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP functionali ...)
-	TODO: check
+	NOT-FOR-US: LeadTools
 CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
 	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -29170,11 +29170,11 @@ CVE-2021-43992
 CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable t ...)
 	NOT-FOR-US: Kentico Xperience CMS
 CVE-2021-43990 (The affected product is vulnerable to a network-based attack by threat ...)
-	TODO: check
+	NOT-FOR-US: FANUC Roboguide
 CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43988 (The affected product is vulnerable to a network-based attack by threat ...)
-	TODO: check
+	NOT-FOR-US: FANUC Roboguide
 CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA  ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2021-43986 (The setup program for the affected product configures its files and fo ...)
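Review bot: For CVE-2021-43990 and CVE-2021-43988, the truncated description ("The affected product is vulnerable to a network-based attack by threat ...") names no product, and the interleaved IDs CVE-2021-43989 and CVE-2021-43987 are marked mySCADA myPRO. Nothing visible in the list lets a later reader confirm the FANUC Roboguide attribution, so please cite the advisory it was taken from in the commit message, which currently reads only "Process some NFUs".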
@@ -29639,7 +29639,7 @@ CVE-2021-43935 (The impacted products, when configured to use SSO, are affected
 CVE-2021-43934
 	RESERVED
 CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...)
-	TODO: check
+	NOT-FOR-US: FANUC Roboguide
 CVE-2021-43932
 	RESERVED
 CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df0de439f37129c72e52072217cab93fc1640092
