[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jan 7 16:13:12 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d04367bd by Moritz Muehlenhoff at 2022-01-07T17:12:47+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,15 +13,15 @@ CVE-2022-0141
 CVE-2022-0140
 	RESERVED
 CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension UniversalLanguageSelector
 CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension SecurePoll
 CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension MassEditRegex
 CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
 CVE-2022-22728
 	RESERVED
 CVE-2022-22727
@@ -94,7 +94,7 @@ CVE-2022-22706
 CVE-2022-22705
 	RESERVED
 CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
-	TODO: check
+	NOT-FOR-US: zabbix-agent2 package for Alpine
 CVE-2022-22703
 	RESERVED
 CVE-2022-22702
@@ -2451,10 +2451,9 @@ CVE-2021-44460
 	RESERVED
 CVE-2021-4178
 	RESERVED
-	- kubernetes <undetermined>
+	NOT-FOR-US: fabric8io/kubernetes-client
 	NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388
-	TODO: check, this does not seem to affect kubernetes-client from src:kubernetes but fabric8io/kubernetes-client
 CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
@@ -8449,7 +8448,7 @@ CVE-2021-43864
 CVE-2021-43863
 	RESERVED
 CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
-	TODO: check
+	NOT-FOR-US: jQuery Terminal Emulator
 CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses  ...)
 	- node-mermaid <unfixed>
 	NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
@@ -8563,11 +8562,11 @@ CVE-2021-43816 (containerd is an open source container runtime. On installations
 CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...)
 	- grafana <removed>
 CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
-	TODO: check
+	NOT-FOR-US: Rizin
 CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
 	- grafana <removed>
 CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Auth0 Next.js SDK
 CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
 	NOT-FOR-US: Sockeye
 CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
@@ -15259,29 +15258,29 @@ CVE-2022-20025
 CVE-2022-20024
 	RESERVED
 CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20017
 	RESERVED
 CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2021-42328
 	RESERVED
 CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d04367bd4ad5f1279fbba473331fed4a3f14fe02

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d04367bd4ad5f1279fbba473331fed4a3f14fe02
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220107/bd0efcc4/attachment.htm>

More information about the debian-security-tracker-commits mailing list