[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri Feb 18 14:36:54 GMT 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6607d8bd by Neil Williams at 2022-02-18T14:36:26+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2710,7 +2710,8 @@ CVE-2022-0474 (Full list of recipients from customer users in a contact field co
 	NOT-FOR-US: OTRS
 	NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
 CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
 CVE-2022-24308
 	RESERVED
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
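Review bot: the new NOTE on CVE-2022-0473 states "Only affects 7.x" without a source, so the conclusion that the znuny fork is unaffected cannot be checked from the entry itself. Add a NOTE line with the URL of the advisory that gives the affected version range. Since the NOTE also says znuny is packaged in Debian, consider whether a not-affected entry for znuny would record this reasoning better than NOT-FOR-US; the same question applies to the existing CVE-2022-0474 entry just above.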
@@ -5025,7 +5026,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
 	NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
 	NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151)
 CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
-	TODO: check
+	NOT-FOR-US: go-attestation
 CVE-2022-0316
 	RESERVED
 CVE-2022-0315
@@ -7896,7 +7897,7 @@ CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before c
 CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...)
 	NOT-FOR-US: ScratchOAuth2
 CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...)
-	TODO: check
+	NOT-FOR-US: ScratchOAuth2
 CVE-2021-46248
 	RESERVED
 CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the  ...)
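Review bot: the truncated description of CVE-2021-46249 ends at "Specific ..." and, unlike the neighbouring CVE-2021-46250 and CVE-2021-46251 entries, does not name ScratchOAuth2 in the visible text, so the attribution in this hunk rests on adjacency alone. Confirm it against the full CVE description before relying on the NOT-FOR-US tag.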
@@ -17349,9 +17350,9 @@ CVE-2022-21678 (Discourse is an open source discussion platform. Prior to versio
 CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can  ...)
 	NOT-FOR-US: Discourse
 CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
-	TODO: check
+	NOT-FOR-US: Engine.IO
 CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
-	TODO: check
+	NOT-FOR-US: Bytecode Viewer
 CVE-2022-21674
 	RESERVED
 CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...)
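Review bot: on CVE-2022-21676 the description presents Engine.IO as a transport implementation, that is, a component other software builds on, so NOT-FOR-US should rest on a check that no source package in the archive ships or embeds it. If that check was done, a short NOTE recording it would save the next triager from repeating it.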



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6607d8bd5e0bbb19544adb517df2d70384428fc9
