[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44d5ee5e by Neil Williams at 2022-07-05T09:49:41+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25721,7 +25721,7 @@ CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to Prototype
 CVE-2022-25877
 	RESERVED
 CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to Server-sid ...)
-	TODO: check
+	NOT-FOR-US: Node link-preview-js
 CVE-2022-25875
 	RESERVED
 CVE-2022-25874
@@ -25805,7 +25805,7 @@ CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Co
 CVE-2022-25759
 	RESERVED
 CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
-	TODO: check
+	- node-scss-tokenizer <itp> (bug #885456)
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
 	- ruby-git <unfixed> (bug #1009926)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/569
@@ -33065,7 +33065,7 @@ CVE-2022-23765
 CVE-2022-23764
 	RESERVED
 CVE-2022-23763 (Origin validation error vulnerability in NeoRS’s ActiveX moudle  ...)
-	TODO: check
+	NOT-FOR-US: NeoRS for Windows
 CVE-2022-23762
 	RESERVED
 CVE-2022-23761
@@ -33141,7 +33141,7 @@ CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs.
 CVE-2022-23726
 	RESERVED
 CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set permissions on ...)
-	TODO: check
+	NOT-FOR-US: pingidentity
 CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...)
 	NOT-FOR-US: pingidentity
 CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
@@ -54274,7 +54274,7 @@ CVE-2021-41997
 CVE-2021-41996
 	RESERVED
 CVE-2021-41995 (A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: pingidentity
 CVE-2021-41994 (A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerabl ...)
 	NOT-FOR-US: pingidentity
 CVE-2021-41993 (A misconfiguration of RSA in PingID Android app prior to 1.19 is vulne ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44d5ee5e89f96291d24b5587a3a3b0f9b02ac42c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44d5ee5e89f96291d24b5587a3a3b0f9b02ac42c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220705/d5513548/attachment.htm>