[Git][security-tracker-team/security-tracker][master] Associate some older NFUs with burpsuite's ITP/RFP bug

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e42efa7 by Salvatore Bonaccorso at 2022-07-09T10:51:34+02:00
Associate some older NFUs with burpsuite's ITP/RFP bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45364,7 +45364,7 @@ CVE-2022-21744 (In Modem 2G RR, there is a possible out of bounds write due to a
 CVE-2022-21743 (In ion, there is a possible use after free due to an integer overflow. ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
-	NOT-FOR-US: Burp Suite (different from src:burp)
+	- burpsuite <itp> (bug #832943)
 CVE-2021-44229
 	RESERVED
 CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...)
@@ -87033,7 +87033,7 @@ CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain
 CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
 	NOT-FOR-US: gitjacker
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
-	NOT-FOR-US: Burp Suite (different from src:burp)
+	- burpsuite <itp> (bug #832943)
 CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...)
 	NOT-FOR-US: NordicSemiconductor nRF52840
 CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...)
@@ -274443,7 +274443,7 @@ CVE-2018-10379 (An issue was discovered in GitLab Community Edition (CE) and Ent
 CVE-2018-10378
 	RESERVED
 CVE-2018-10377 (PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validati ...)
-	NOT-FOR-US: PortSwigger Burp Suite
+	- burpsuite <itp> (bug #832943)
 CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract  ...)
 	NOT-FOR-US: SmartMesh token
 CVE-2018-10375 (A file uploading vulnerability exists in /include/helpers/upload.helpe ...)
@@ -300921,7 +300921,7 @@ CVE-2018-1155 (In SecurityCenter versions prior to 5.7.0, a cross-site scripting
 CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration issu ...)
 	NOT-FOR-US: SecurityCenter
 CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the se ...)
-	NOT-FOR-US: Burp Suite (different from src:burp)
+	- burpsuite <itp> (bug #832943)
 CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...)
 	{DLA-2302-1 DLA-1638-1}
 	- libjpeg-turbo 1:2.0.5-1 (low; bug #902950)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e42efa7c4070a8f0ed50a9277c29d6b41eae0ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e42efa7c4070a8f0ed50a9277c29d6b41eae0ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220709/36716a34/attachment-0001.htm>