[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 11 20:37:50 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0118c06 by Salvatore Bonaccorso at 2022-07-11T21:37:32+02:00
Process some NFUs

- - - - -
c729c039 by Salvatore Bonaccorso at 2022-07-11T21:37:33+02:00
Add CVE-2022-33980/commons-configuration2

- - - - -
f71e4e3b by Salvatore Bonaccorso at 2022-07-11T21:37:35+02:00
Add CVE-2022-32061/snipe-it

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2441,7 +2441,7 @@ CVE-2022-30692
 CVE-2022-29514
 	RESERVED
 CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...)
-	TODO: check
+	NOT-FOR-US: LiteCart
 CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System  ...)
 	NOT-FOR-US: SourceCodester Library Management System
 CVE-2022-2213 (A vulnerability was found in SourceCodester Library Management System  ...)
@@ -4191,7 +4191,8 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
 	NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
 CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...)
-	TODO: check
+	- commons-configuration2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[stretch] - vim <postponed> (Minor issue)
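Review bot: The new CVE-2022-33980 entry records `- commons-configuration2 <unfixed>` with only the oss-security link, so nothing in it states which upstream release or commit fixes the issue. The neighbouring CVE-2022-33981 entry carries a NOTE with the fixing commit and version. A NOTE naming the fixed upstream version, taken from the linked advisory, would make it clear when `<unfixed>` can be replaced. The description says "Apache Commons Configuration" without a major version, so a NOTE stating whether only the 2.x line is affected would also help.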
@@ -7472,7 +7473,7 @@ CVE-2022-32569
 CVE-2022-32568
 	RESERVED
 CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jir ...)
-	TODO: check
+	NOT-FOR-US: Appfire Jira Misc Custom Fields (JMCF) app
 CVE-2022-32566
 	RESERVED
 CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...)
@@ -7926,7 +7927,7 @@ CVE-2022-32443
 CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When  ...)
 	NOT-FOR-US: u5cms
 CVE-2022-32441 (A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: Hex Rays Ida Pro
 CVE-2022-32440
 	RESERVED
 CVE-2022-32439
@@ -8218,7 +8219,7 @@ CVE-2022-32297
 CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra re ...)
 	NOT-FOR-US: Ampere devices
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2022-32293
 	RESERVED
 CVE-2022-32292
@@ -8491,13 +8492,13 @@ CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12
 CVE-2022-32234
 	RESERVED
 CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2022-29926
 	RESERVED
 CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor issue in mu ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflected C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1984
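Review bot: The three `NOT-FOR-US: Cybozu` lines name the vendor, while the visible descriptions of CVE-2022-30943 and CVE-2022-30602 name the product "Cybozu Garoon" and other entries in this file label by product (for example `NOT-FOR-US: SourceCodester Library Management System`). Suggest `NOT-FOR-US: Cybozu Garoon` for those two. The truncated description of CVE-2022-29512 does not show the product, so confirm it before applying the same label there.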
@@ -9043,7 +9044,7 @@ CVE-2022-32063
 CVE-2022-32062
 	RESERVED
 CVE-2022-32061 (An arbitrary file upload vulnerability in the Select User function und ...)
-	TODO: check
+	- snipe-it <itp> (bug #1005172)
 CVE-2022-32060 (An arbitrary file upload vulnerability in the Update Branding Settings ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-32059



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b3e374505c297f9ac83178fa1db2d60f833d287...f71e4e3bd346cb01a2be751d9c51fa5290be7023
