[Git][security-tracker-team/security-tracker][master] new htmldoc non issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 27 16:00:34 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5ff5faf by Moritz Muehlenhoff at 2022-04-27T16:59:50+02:00
new htmldoc non issue
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4392,7 +4392,7 @@ CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions  ...)
 	- gitlab <unfixed>
 CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
@@ -4932,7 +4932,10 @@ CVE-2022-28087
 CVE-2022-28086
 	RESERVED
 CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in  ...)
-	TODO: check
+	- htmldoc <unfixed> (unimportant)
+	NOTE: https://github.com/michaelrsweet/htmldoc/issues/480
+	NOTE: https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-28084
 	RESERVED
 CVE-2022-28083
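Review bot: the rationale in the final NOTE line ("Crash in CLI tool, no security impact") does not match the description on the same entry, which records a heap buffer overflow in htmldoc rather than a plain crash. If the (unimportant) rating rests on htmldoc's threat model (the document being converted is supplied by the user invoking the tool, so no trust boundary is crossed), state that in the NOTE; as written it reads as classifying memory corruption as a mere crash. Keeping the upstream fix commit reference is good, since it lets the <unfixed> entry be closed once that commit is in the package.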
@@ -15386,7 +15389,7 @@ CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
@@ -15726,7 +15729,7 @@ CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in a
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in  ...)
-	TODO: check
+	NOT-FOR-US: Irker
 CVE-2022-0424
 	RESERVED
 CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...)
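Review bot: the new "NOT-FOR-US: Irker" line for CVE-2022-0425 may name the wrong component. The description reads "A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...", which places the flaw in whatever product integrates irker, not in irker itself, and the other entries touched in this commit whose descriptions mention GitLab are recorded as `- gitlab <unfixed>`. Check the full CVE text; if the affected product is GitLab, track it as `- gitlab <unfixed>` instead of NOT-FOR-US.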
@@ -43931,7 +43934,7 @@ CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versi
 CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters can be abu ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting  ...)
 	- gitlab <unfixed>
 CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
@@ -43999,7 +44002,7 @@ CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jir
 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
 	- gitlab <unfixed>
 CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to  ...)
 	- gitlab <unfixed>
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
@@ -51464,7 +51467,7 @@ CVE-2021-36897
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36894
 	RESERVED
 CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -51520,7 +51523,7 @@ CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress
 CVE-2021-36868
 	RESERVED
 CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36866
 	RESERVED
 CVE-2021-36865
@@ -77314,9 +77317,9 @@ CVE-2021-26631
 CVE-2021-26630
 	RESERVED
 CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft Xplatform
 CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...)
-	TODO: check
+	NOT-FOR-US: Maxboard
 CVE-2021-26627 (Real-time image information exposure is caused by insufficient authent ...)
 	NOT-FOR-US: EDrhyme QCP camera
 CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's execBrowser met ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5ff5faf50715e273b4c34898c19e65ca6dad639
