[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 14 21:20:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b725961 by Salvatore Bonaccorso at 2022-07-14T22:17:30+02:00
Process some NFUs

- - - - -
d92def6d by Salvatore Bonaccorso at 2022-07-14T22:19:38+02:00
Replace annotation with previous ones indicating the DSA 4677-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1367,7 +1367,7 @@ CVE-2022-35285
 CVE-2022-35284
 	RESERVED
 CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an authentica ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-35282
 	RESERVED
 CVE-2022-35281
@@ -15908,7 +15908,7 @@ CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Sp
 CVE-2022-29900 (AMD microprocessor families 15h to 18h are affected by a new Spectre v ...)
 	- linux <unfixed>
 	- xen <unfixed>
-	[buster] - xen <end-of-life> (No longer supported in buster)
+	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
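Review bot: In the `[buster] - xen <end-of-life>` line, the new parenthetical `(DSA 4677-1)` is a bare advisory number, while the removed text `(No longer supported in buster)` gave the reason in words. A reader of this entry now has to look up the advisory to learn why xen is not tracked for buster. If the file's convention allows it, keep both, for example `(DSA 4677-1, no longer supported in buster)`; otherwise the commit message could state what the advisory announces.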
@@ -34542,7 +34542,7 @@ CVE-2022-23825 [AMD CPUs exhibit phantom jumps]
 	RESERVED
 	- linux <unfixed>
 	- xen <unfixed>
-	[buster] - xen <end-of-life> (No longer supported in buster)
+	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
 	NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
@@ -34569,7 +34569,7 @@ CVE-2022-23816
 	RESERVED
 	- linux <unfixed>
 	- xen <unfixed>
-	[buster] - xen <end-of-life> (No longer supported in buster)
+	[buster] - xen <end-of-life> (DSA 4677-1)
 	NOTE: This is the AMD assigned CVE for Retbleed (CVE-2022-29900), as AMD did not
 	NOTE: agree on the coverage for CVE-2022-29900: As stated in the Xen advisory 407:
 	NOTE: On AMD CPUs, Retbleed is one specific instance of a more general
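Review bot: The `[buster] - xen <end-of-life> (DSA 4677-1)` line under CVE-2022-23816 is the third copy of the same edit in this patch, after CVE-2022-29900 and CVE-2022-23825, and all three entries carry identical `- linux <unfixed>` and `- xen <unfixed>` lines. Any later status change for linux or xen has to be applied in all three places. The NOTE here already points back to CVE-2022-29900; a matching cross-reference in the other two entries, if not already present outside the visible context, would make a missed update less likely.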
@@ -39401,7 +39401,7 @@ CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vul
 CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user crede ...)
 	NOT-FOR-US: IBM
 CVE-2022-22477 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22476 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and ...)
 	NOT-FOR-US: IBM
 CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 thr ...)
@@ -39409,7 +39409,7 @@ CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0
 CVE-2022-22474 (IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsv ...)
 	NOT-FOR-US: IBM
 CVE-2022-22473 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through ...)
 	NOT-FOR-US: IBM
 CVE-2022-22471
@@ -39435,7 +39435,7 @@ CVE-2022-22462
 CVE-2022-22461
 	RESERVED
 CVE-2022-22460 (IBM Security Verify Identity Manager 10.0 contains sensitive informati ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22459
 	RESERVED
 CVE-2022-22458
@@ -39449,13 +39449,13 @@ CVE-2022-22455
 CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...)
 	NOT-FOR-US: IBM
 CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than expected cr ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22452 (IBM Security Verify Identity Manager 10.0 uses an inadequate account l ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22451
 	RESERVED
 CVE-2022-22450 (IBM Security Verify Identity Manager 10.0 could allow a privileged use ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22449
 	RESERVED
 CVE-2022-22448
@@ -63571,7 +63571,7 @@ CVE-2021-39030
 CVE-2021-39029
 	RESERVED
 CVE-2021-39028 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39027 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structur ...)
 	NOT-FOR-US: IBM
 CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
@@ -63589,15 +63589,15 @@ CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently o
 CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive  ...)
 	NOT-FOR-US: IBM
 CVE-2021-39019 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39018 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39017 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-39014
 	RESERVED
 CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could  ...)
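Review bot: The five entries CVE-2021-39019 through CVE-2021-39015 get the vendor-only tag `NOT-FOR-US: IBM`, which matches the unchanged neighbours (CVE-2021-39020, CVE-2021-39027) but drops the product that each description names (IBM Engineering Lifecycle Optimization - Publishing). Because the descriptions in this file are truncated with `...`, the tag is the only stable place to record what was triaged; naming the product there would let a later search find these entries. If the vendor-only form is the agreed convention for IBM entries, no change is needed.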



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f601883cf5e432afdf28ddb4f4648a6ba3b05dad...d92def6d5f9799bd0900a69846733e799bd76a02
