[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri Aug 5 10:04:02 BST 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a509869d by Neil Williams at 2022-08-05T10:02:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,7 +119,7 @@ CVE-2022-2655
 CVE-2022-2654
 	RESERVED
 CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
-	TODO: check
+	NOT-FOR-US: plankanban/planka
 CVE-2022-2652 (Depending on the way the format strings in the card label are crafted  ...)
 	- v4l2loopback <unfixed> (bug #1016685)
 	NOTE: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
@@ -5672,11 +5672,11 @@ CVE-2022-35146
 CVE-2022-35145
 	RESERVED
 CVE-2022-35144 (Renato v0.17.0 was discovered to contain a cross-site scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: gilbitron/Renato
 CVE-2022-35143 (Renato v0.17.0 employs weak password complexity requirements, allowing ...)
-	TODO: check
+	NOT-FOR-US: gilbitron/Renato
 CVE-2022-35142 (An issue in Renato v0.17.0 allows attackers to cause a Denial of Servi ...)
-	TODO: check
+	NOT-FOR-US: gilbitron/Renato
 CVE-2022-35141
 	RESERVED
 CVE-2022-35140
@@ -31853,7 +31853,7 @@ CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.
 CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
 	NOT-FOR-US: libvcs
 CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: acrontum/filesystem-template
 CVE-2022-21169
 	RESERVED
 CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a509869d57ee09117cb51f9853c08cc6b491d048

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a509869d57ee09117cb51f9853c08cc6b491d048
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220805/5298255f/attachment.htm>

More information about the debian-security-tracker-commits mailing list