[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 9 12:29:59 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e1e2ac8 by Moritz Muehlenhoff at 2022-02-09T13:29:41+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2022-24696
CVE-2022-24695
RESERVED
CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
- TODO: check
+ - mahara <removed>
CVE-2022-24693
RESERVED
CVE-2022-24692
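Review bot: The CVE-2022-24694 entry is resolved as `- mahara <removed>`, which is a package status rather than a NOT-FOR-US marking, so the one-word commit message "NFUs" does not cover it. Consider mentioning the mahara triage in the commit message, or putting it in its own commit, so the change can be found from the log.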
@@ -27,7 +27,7 @@ CVE-2022-24684
CVE-2022-24683
RESERVED
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2022-24681
RESERVED
CVE-2022-24680
@@ -37,9 +37,9 @@ CVE-2022-24679
CVE-2022-24678
RESERVED
CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
- TODO: check
+ NOT-FOR-US: HYBBS2
CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
- TODO: check
+ NOT-FOR-US: HYBBS2
CVE-2022-24675
RESERVED
CVE-2022-24674
@@ -96,6 +96,7 @@ CVE-2022-0533
RESERVED
CVE-2022-0532
RESERVED
+ NOT-FOR-US: cri-o
CVE-2022-0531
RESERVED
CVE-2022-0530
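Review bot: `NOT-FOR-US: cri-o` is added under CVE-2022-0532 while the entry is still `RESERVED` and has no description line, so nothing in the file shows why this ID was attributed to cri-o. A `NOTE:` line with the source of that attribution (advisory or bug URL) would let the next reviewer confirm it.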
@@ -797,7 +798,7 @@ CVE-2022-24385
CVE-2022-24384
RESERVED
CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
- TODO: check
+ NOT-FOR-US: CSV+
CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
- linux <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
@@ -811,7 +812,7 @@ CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination
NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb
NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
- TODO: check
+ NOT-FOR-US: Mirantis Container Cloud Lens
CVE-2022-0483
RESERVED
CVE-2022-0482
@@ -987,7 +988,8 @@ CVE-2022-0476
CVE-2022-0475
RESERVED
CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
TODO: check
CVE-2022-24308
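Review bot: On CVE-2022-0474 the reasoning lives only in a free-text `NOTE:` that says a znuny fork is packaged in Debian, while the entry itself is marked `NOT-FOR-US: OTRS`. Since a packaged fork exists, consider recording the result against it with a package line such as `- znuny <not-affected> (Only affects 8.x)`, so the decision is visible from the package's side. The neighbouring CVE-2022-0473 is also an OTRS issue and stays at `TODO: check`; the same fork question applies there.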
@@ -1191,7 +1193,7 @@ CVE-2022-24284
CVE-2022-24283
RESERVED
CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
- TODO: check
+ NOT-FOR-US: Node karma
CVE-2022-0436
RESERVED
CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
@@ -2386,9 +2388,9 @@ CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algo
CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
NOT-FOR-US: Bromite
CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
- TODO: check
+ NOT-FOR-US: Gerber
CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
- TODO: check
+ NOT-FOR-US: Gerber
CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
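Review bot: The label `Gerber` on CVE-2022-23947 and CVE-2022-23946 does not name a product; the truncated descriptions refer to a "Gerber Viewe ..." component, whereas the other NOT-FOR-US lines in this commit name the vendor or project. Check the full description for the software that ships this viewer, confirm that it is not packaged, and use that name in the marking.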
@@ -3552,9 +3554,9 @@ CVE-2022-23629
CVE-2022-23628
RESERVED
CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
- TODO: check
+ NOT-FOR-US: ArchiSteamFarm
CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
- TODO: check
+ NOT-FOR-US: m1k1o/blog
CVE-2022-23625
RESERVED
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
@@ -3607,7 +3609,7 @@ CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top
CVE-2022-23606
RESERVED
CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
- TODO: check
+ NOT-FOR-US: Wire webapp
CVE-2022-23604
RESERVED
CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
@@ -3619,7 +3621,7 @@ CVE-2022-23601 (Symfony is a PHP framework for web and console applications and
NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
NOT-FOR-US: Plone
CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
@@ -4742,7 +4744,7 @@ CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserializ
[buster] - apache-log4j1.2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
- TODO: check
+ NOT-FOR-US: php_mailform
CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
TODO: check
CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
@@ -4994,7 +4996,7 @@ CVE-2022-23208
CVE-2022-23207
RESERVED
CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...)
- TODO: check
+ NOT-FOR-US: Silverstripe CMS
CVE-2021-46303
RESERVED
CVE-2021-46302
@@ -8683,7 +8685,7 @@ CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to S
CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
NOT-FOR-US: Samsung
CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...)
- TODO: check
+ NOT-FOR-US: Studio 42 elFinder
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e1e2ac84ecf6699b99bf4c43e502fc88e75473d