[Git][security-tracker-team/security-tracker][master] Process some NFUs & nextcloud-server itp

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38ebda5c by Neil Williams at 2022-06-01T11:40:13+01:00
Process some NFUs & nextcloud-server itp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7863,7 +7863,7 @@ CVE-2022-29378
 CVE-2022-29377 (Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a st ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-29376 (Xampp for Windows v8.1.4 and below was discovered to contain insecure  ...)
-	TODO: check
+	NOT-FOR-US: XAMPP for Windows
 CVE-2022-29375
 	RESERVED
 CVE-2022-29374
@@ -8216,7 +8216,7 @@ CVE-2022-29260
 CVE-2022-29259
 	RESERVED
 CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to convert  ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-29257
 	RESERVED
 CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
@@ -8243,11 +8243,11 @@ CVE-2022-29247
 CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...)
-	TODO: check
+	NOT-FOR-US: SSH.NET
 CVE-2022-29244
 	RESERVED
 CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...)
 	- libengine-gost-openssl1.1 <unfixed>
 	NOTE: https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5
@@ -8306,7 +8306,7 @@ CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation
 	NOTE: https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
 	NOTE: https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
 CVE-2022-29220 (github-action-merge-dependabot is an action that automatically approve ...)
-	TODO: check
+	NOT-FOR-US: github-action-merge-dependabot
 CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...)
 	NOT-FOR-US: chainsafe/lodestar
 CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...)
@@ -17618,7 +17618,7 @@ CVE-2022-25881
 CVE-2022-25879
 	RESERVED
 CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to Prototype Pollu ...)
-	TODO: check
+	NOT-FOR-US: protobufjs/protobuf.js
 CVE-2022-25877
 	RESERVED
 CVE-2022-25876



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38ebda5cffd9c0f436ee825cca1fa3ccc1cd2b52

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38ebda5cffd9c0f436ee825cca1fa3ccc1cd2b52
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220601/ca756798/attachment-0001.htm>