[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 1 21:57:35 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9b71dbe by Salvatore Bonaccorso at 2022-08-01T22:56:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prio
 	NOTE: Introduced in: https://github.com/node-fetch/node-fetch/commit/2d80b0bb3fb746ff77cfe604f21ef9e47352ece0 (v3.1.0)
 	NOTE: https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d (v3.2.10)
 CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra prior to  ...)
-	TODO: check
+	NOT-FOR-US: Titra
 CVE-2022-2594
 	RESERVED
 CVE-2022-2593
@@ -562,7 +562,7 @@ CVE-2022-37038
 CVE-2022-2590
 	RESERVED
 CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...)
-	TODO: check
+	NOT-FOR-US: Fava
 CVE-2022-37037
 	RESERVED
 CVE-2022-37036
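Review bot: On the CVE-2022-2589 entry, the marker names Fava while the truncated description points at a GitHub repository under beancount/. Before this sticks as NOT-FOR-US, it is worth confirming that the affected code is only the Fava web interface and that nothing in the archive ships it under the beancount name. If a package does carry it, the entry needs a package line rather than an NFU marker.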
@@ -2438,9 +2438,9 @@ CVE-2022-36304 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting
 CVE-2022-36303 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS)  ...)
 	NOT-FOR-US: Vesta
 CVE-2022-36302 (File path manipulation vulnerability in BF-OS version 3.00 up to and i ...)
-	TODO: check
+	NOT-FOR-US: BF-OS
 CVE-2022-36301 (BF-OS version 3.x up to and including 3.83 do not enforce strong passw ...)
-	TODO: check
+	NOT-FOR-US: BF-OS
 CVE-2022-36300
 	RESERVED
 CVE-2022-30706 (Open redirect vulnerability in Booked versions prior to 3.3 allows a r ...)
@@ -15773,7 +15773,7 @@ CVE-2022-31150 (undici is an HTTP/1.1 client, written from scratch for Node.js.
 CVE-2022-31149
 	RESERVED
 CVE-2022-31148 (Shopware is an open source e-commerce software. In versions from 5.7.0 ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
 	NOT-FOR-US: jquery-validation
 CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in th ...)
@@ -15820,7 +15820,7 @@ CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, man
 	NOTE: https://github.com/moment/moment/pull/6015#issuecomment-1152961973
 	NOTE: https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
 CVE-2022-31128 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2022-31127 (NextAuth.js is a complete open source authentication solution for Next ...)
 	NOT-FOR-US: NextAuth.js
 CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
@@ -15866,7 +15866,7 @@ CVE-2022-31111 (Frontier is Substrate's Ethereum compatibility layer. In affecte
 CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In commits pr ...)
 	NOT-FOR-US: RSSHub
 CVE-2022-31109 (laminas-diactoros is a PHP package containing implementations of the P ...)
-	TODO: check
+	NOT-FOR-US: laminas-diactoros
 CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool that uses  ...)
 	- node-mermaid <unfixed> (bug #1014540)
 	[bullseye] - node-mermaid <no-dsa> (Minor issue)
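Review bot: For CVE-2022-31109, the NOT-FOR-US: laminas-diactoros marker is applied to something the description calls a PHP package, that is, a library rather than a standalone application. Libraries are often packaged under a source name that differs from the upstream name, or bundled inside other packages, so a search on the upstream name alone can miss them. A check for both a dedicated package and embedded copies would back up the marker. If either turns up, the entry should carry a package line in the style of the node-mermaid one under CVE-2022-31108 just below.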



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9b71dbec37778fc5ff722655978dd1f8277e212
