[Git][security-tracker-team/security-tracker][master] Reassociate some NFUs with traefik, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 9 09:52:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85f52065 by Salvatore Bonaccorso at 2022-12-09T10:51:52+01:00
Reassociate some NFUs with traefik, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22925,7 +22925,7 @@ CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform
CVE-2022-39272 (Flux is an open and extensible continuous delivery solution for Kubern ...)
NOT-FOR-US: Flux
CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...)
NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -68617,7 +68617,7 @@ CVE-2022-23633 (Action Pack is a framework for handling and responding to web re
NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
NOT-FOR-US: superjson
CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
@@ -112732,7 +112732,7 @@ CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, wri
CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...)
NOT-FOR-US: Skytable
CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
NOT-FOR-US: Monkshu
CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
@@ -127049,7 +127049,7 @@ CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Ru
CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
NOT-FOR-US: Rust crate nb-connect
CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
NOT-FOR-US: VertiGIS WebOffice
CVE-2021-27373
@@ -185802,7 +185802,7 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
NOT-FOR-US: DuckDuckGo application for Android and iOS
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...)
NOT-FOR-US: Smarter Coffee Maker
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
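Review bot: CVE-2019-20894 sits between CVE-2020-15502 and CVE-2020-15501 in this hunk, so a pass over data/CVE/list that looks for Traefik entries only inside the CVE-2019 block would not reach it. The placement is existing context rather than something this commit introduces, so nothing needs to change on this line, but the remaining Traefik NFUs are better located by searching the whole file for the product name than by year range.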
@@ -186741,7 +186741,7 @@ CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2,
CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
NOT-FOR-US: Node slpjs
CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
NOT-FOR-US: October CMS
CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
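Review bot: the "- traefik <itp> (bug #983289)" line for CVE-2020-15129 records no version, while the description names three fixed releases (1.7.26, 2.2.8 and 2.3.0-rc3). Consider adding a NOTE line with the upstream fix reference alongside it, so that whoever converts the entry once the ITP is uploaded can tell which branch the packaged version falls on without going back to the advisory.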
@@ -203740,7 +203740,7 @@ CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Direct
CVE-2020-9322
RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2020-9320 (** DISPUTED ** Avira AV Engine before 8.3.54.138 allows virus-detectio ...)
NOT-FOR-US: Avira
CVE-2020-9319
@@ -249394,7 +249394,7 @@ CVE-2019-12454 (** DISPUTED ** An issue was discovered in wcd9335_codec_enable_d
CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in t ...)
NOT-FOR-US: MicroStrategy Web
CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
- NOT-FOR-US: Containous Traefik
+ - traefik <itp> (bug #983289)
CVE-2019-12451
RESERVED
CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...)
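Review bot: the removed line for CVE-2019-12452 reads "NOT-FOR-US: Containous Traefik", not "NOT-FOR-US: Traefik" as in the other hunks, so an exact-string search for the shorter form would have missed it. Since the commit message says only "some" NFUs were reassociated, a case-insensitive search for "traefik" across all NOT-FOR-US lines would confirm whether any other spelling variants are still left behind.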
@@ -295391,7 +295391,7 @@ CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in Dropbear
NOTE: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
NOTE: https://hg.ucc.asn.au/dropbear/rev/5d2d1021ca00
CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the ...)
- NOT-FOR-US: Traefik
+ - traefik <itp> (bug #983289)
CVE-2018-15597
RESERVED
CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85f520653ec9fc3bdba4b3d410ed3b5c5cb707ac