[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 23 08:55:20 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a32dc1e by Salvatore Bonaccorso at 2022-02-23T09:53:25+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6493,7 +6493,7 @@ CVE-2022-23656
CVE-2022-23655
RESERVED
CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions an authen ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2022-23653
RESERVED
CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which provides m ...)
@@ -6537,7 +6537,7 @@ CVE-2022-23637 (K-Box is a web-based application to manage documents, images, vi
CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. Prior t ...)
NOT-FOR-US: wasmtime
CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
- puma <unfixed> (bug #1005391)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
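Review bot: the added tag "NOT-FOR-US: Istio" on CVE-2022-23635 capitalises the product name, while the context entry directly above it (CVE-2022-23636) uses lowercase "NOT-FOR-US: wasmtime" even though its description also begins with a capital. If data/CVE/list already has Istio entries with one spelling, match that spelling here so a search on the tag string finds every entry for the product.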
@@ -6604,7 +6604,7 @@ CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In
NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17)
NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on giving pr ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23610
@@ -8565,7 +8565,7 @@ CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject pers
CVE-2022-23044
RESERVED
CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2022-23042
RESERVED
CVE-2022-23041
@@ -16470,11 +16470,11 @@ CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libs
NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
NOTE: Issue is fixed in the testcase; negligible security impact
CVE-2021-44567 (An SQL Injection vulnerability exits in RosarioSIS before 7.6.1 via th ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-44566 (A Cross Site Scripting vulnerability exists RosarioSIS before 4.3 via ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7 ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS
CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
NOT-FOR-US: SYNC2101
CVE-2021-44563
@@ -94916,7 +94916,7 @@ CVE-2020-27469
CVE-2020-27468
RESERVED
CVE-2020-27467 (A Directory Traversal vulnerability exits in Processwire CMS before 2. ...)
- TODO: check
+ NOT-FOR-US: Processwire CMS
CVE-2020-27466 (An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemp ...)
NOT-FOR-US: rConfig
CVE-2020-27465
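Review bot: the added line for CVE-2020-27467, "NOT-FOR-US: Processwire CMS", copies the casing of the CVE description, but the upstream project spells its name "ProcessWire". Suggest "NOT-FOR-US: ProcessWire" (or whichever form existing entries for this product already use) so that later CVEs for the same product are tagged with one consistent string.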
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a32dc1ec94aec78460c36931c058ae0df8f62e8