[Git][security-tracker-team/security-tracker][master] four airflow related issues not in airflow itself

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db8af07b by Moritz Muehlenhoff at 2022-12-09T21:32:25+01:00
four airflow related  issues not in airflow itself

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18697,7 +18697,7 @@ CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing o
 CVE-2016-20015 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...)
 	NOT-FOR-US: ebuild package for SmokePing on Gentoo
 CVE-2022-41131 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	- airflow <itp> (bug #819700)
+	NOT-FOR-US: Airflow Hive provider
 CVE-2022-41130
 	RESERVED
 CVE-2022-41129
@@ -19067,7 +19067,7 @@ CVE-2022-40956
 CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with sufficie ...)
 	NOT-FOR-US: Apache InLong
 CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	- airflow <itp> (bug #819700)
+	NOT-FOR-US: Airflow Spark provider
 CVE-2022-40701
 	RESERVED
 CVE-2022-40220
@@ -20849,7 +20849,7 @@ CVE-2022-40194 (Unauthenticated Sensitive Information Disclosure vulnerability i
 CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerab ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40189 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	- airflow <itp> (bug #819700)
+	NOT-FOR-US: Airflow Pig provider
 CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Po ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38976
@@ -24979,7 +24979,7 @@ CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfigurati
 CVE-2022-38650 (** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure dese ...)
 	NOT-FOR-US: VMware
 CVE-2022-38649 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	- airflow <itp> (bug #819700)
+	NOT-FOR-US: Airflow Pinot provider
 CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
 	- batik 1.15+dfsg-1 (bug #1020589)
 	[bullseye] - batik <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db8af07b70a079644f1261069f709781d3dcb745

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db8af07b70a079644f1261069f709781d3dcb745
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221209/777f1393/attachment.htm>