[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 4 08:27:27 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4aa100be by Moritz Muehlenhoff at 2022-02-04T09:27:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -262,7 +262,7 @@ CVE-2022-0473
 CVE-2022-24308
 	RESERVED
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
-	TODO: check
+	NOT-FOR-US: Mastodon
 CVE-2022-24306
 	RESERVED
 CVE-2022-24305
@@ -529,7 +529,7 @@ CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_fi
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
 	NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
 CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
-	TODO: check
+	NOT-FOR-US: Mastodon
 CVE-2022-0431
 	RESERVED
 CVE-2022-0430
@@ -874,7 +874,7 @@ CVE-2022-24125
 CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
 	NOT-FOR-US: Casdoor
 CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
-	TODO: check
+	NOT-FOR-US: MarkText
 CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...)
 	NOT-FOR-US: Unified Office
 CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
@@ -963,7 +963,7 @@ CVE-2022-0403
 CVE-2022-0402
 	RESERVED
 CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
-	TODO: check
+	NOT-FOR-US: Node w-zip
 CVE-2022-0400 [Out of bounds read in the smc protocol stack]
 	RESERVED
 	- linux <unfixed>
@@ -2831,9 +2831,9 @@ CVE-2022-23605
 CVE-2022-23604
 	RESERVED
 CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
-	TODO: check
+	NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In  ...)
-	TODO: check
+	NOT-FOR-US: Nimforum
 CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set  ...)
 	- symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code)
 	NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
@@ -11522,11 +11522,11 @@ CVE-2021-44884
 CVE-2021-44883
 	RESERVED
 CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-44879
 	RESERVED
 CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
@@ -11554,7 +11554,7 @@ CVE-2021-44868
 CVE-2021-44867
 	RESERVED
 CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
-	TODO: check
+	NOT-FOR-US: Online-Movie-Ticket-Booking-System
 CVE-2021-44865
 	RESERVED
 CVE-2021-44864
@@ -13392,9 +13392,9 @@ CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Bl
 CVE-2021-44248
 	RESERVED
 CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
-	TODO: check
+	NOT-FOR-US: Totolink
 CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
-	TODO: check
+	NOT-FOR-US: Totolink
 CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
 	NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS)
 CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
@@ -14494,7 +14494,7 @@ CVE-2022-21712
 CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
 	NOT-FOR-US: elfspirit
 CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
-	TODO: check
+	NOT-FOR-US: ShortDescription MediaWiki extension
 CVE-2022-21709
 	RESERVED
 CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa100be6ac2ae9b8c0afabf69aa48976fd6ff76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa100be6ac2ae9b8c0afabf69aa48976fd6ff76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220204/42d60169/attachment.htm>

More information about the debian-security-tracker-commits mailing list