[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 22 11:04:45 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84bffc47 by Moritz Muehlenhoff at 2022-08-22T12:04:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -604,7 +604,7 @@ CVE-2022-2888
 CVE-2022-2887
 	RESERVED
 CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
-	TODO: check
+	NOTE: Additional misreport for laravel, likely to be rejected
 CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
 	NOT-FOR-US: yetiforcecrm
 CVE-2022-38396
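Review bot: the CVE-2022-2886 entry now carries only a free-text NOTE and no status line, so with "TODO: check" removed nothing in the entry marks it as still awaiting a decision. The NOTE itself says the rejection is only expected ("likely to be rejected"); consider keeping a TODO next to the NOTE until the rejection happens, or adding a second NOTE with a link to the report so the "misreport" assessment can be verified later.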
@@ -1138,9 +1138,9 @@ CVE-2022-38236 (XPDF commit ffaf11c was discovered to contain a global-buffer ov
 CVE-2022-38235 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
 	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38234 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
-	TODO: check
+	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38233 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
-	TODO: check
+	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38232
 	RESERVED
 CVE-2022-38231 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
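Review bot: the commit subject is "NFUs", but the lines added for CVE-2022-38234 and CVE-2022-38233 are "- xpdf <not-affected>" entries, not NOT-FOR-US; a subject that mentions the xpdf triage would make this change findable in the log. The reason text is copied from the CVE-2022-38235 entry above, and the descriptions are cut off at "segmentation violation ...", so a NOTE per CVE with the upstream report would show what was compared against poppler.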
@@ -1165,7 +1165,7 @@ CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in
 	[buster] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/242
 CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...)
-	TODO: check
+	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...)
 	NOT-FOR-US: The Isle Evrima
 CVE-2022-38220
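Review bot: CVE-2022-38222 is described as a use-after-free in JBIG2Stream::close(), a different bug class from the segmentation violations marked in the previous hunk, yet it gets the same blanket reason "Debian uses poppler, which is not affected" with no reference. Suggest adding a NOTE line (the upstream report, or the poppler code that was checked), the way the w3m entry just above records its NOTE: URL.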
@@ -6753,7 +6753,7 @@ CVE-2022-36010 (This library allows strings to be parsed as functions and stored
 CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol federation. Dend ...)
 	NOT-FOR-US: gomatrixserverlib
 CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A security issue ...)
-	TODO: check
+	NOT-FOR-US: Frontier
 CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...)
 	NOT-FOR-US: Venice
 CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...)
@@ -7878,7 +7878,7 @@ CVE-2022-35542
 CVE-2022-35541
 	RESERVED
 CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote att ...)
-	TODO: check
+	NOT-FOR-US: AgileConfig
 CVE-2022-35539
 	RESERVED
 CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has  ...)
@@ -30394,7 +30394,7 @@ CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the applic
 CVE-2022-26024
 	RESERVED
 CVE-2022-26017 (Improper access control in the Intel(R) DSA software for before versio ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter Group Eve ...)
 	NOT-FOR-US: Intel
 CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
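Review bot: "NOT-FOR-US: Intel" on CVE-2022-26017 names the vendor rather than the product, while the description says "Intel(R) DSA software". It is consistent with the CVE-2022-25841 line below, but a product-level tag such as "NOT-FOR-US: Intel DSA" would be easier to search for and harder to confuse with Intel software that might later be packaged.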
@@ -31101,7 +31101,7 @@ CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 doe
 CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
 	NOT-FOR-US: chatwoot
 CVE-2022-1021 (Insecure Storage of Sensitive Information in GitHub repository chatwoo ...)
-	TODO: check
+	NOT-FOR-US: chatwoot
 CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
@@ -38728,7 +38728,7 @@ CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, d
 	[stretch] - redis <not-affected> (Lua support plus packaging issue introduced later)
 	NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
 CVE-2022-0542 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...)
-	TODO: check
+	NOT-FOR-US: chatwoot
 CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into wp-conf ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84bffc47b1a833d81188d8a0fb157bd06df08daf
