[Git][security-tracker-team/security-tracker][master] Reassociate some older NFUs with cri-o ITP bug
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 8 07:33:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50eaccef by Salvatore Bonaccorso at 2022-06-08T08:32:57+02:00
Reassociate some older NFUs with cri-o ITP bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13935,7 +13935,7 @@ CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 befor
CVE-2022-27653 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
NOT-FOR-US: Siemens
CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly started w ...)
- NOT-FOR-US: cri-o
+ - cri-o <itp> (bug #979702)
CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started ...)
- golang-github-containers-buildah <unfixed> (bug #1009882)
NOTE: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1)
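Review bot: The new "- cri-o <itp> (bug #979702)" line for CVE-2022-27652 has no NOTE pointing at the upstream fix, while the neighbouring CVE-2022-27651 entry for buildah records the fixing commit and the version it landed in. Now that the entry is tied to a package that is intended to enter the archive, consider adding a NOTE with the upstream cri-o fix reference so that whoever triages the entry when the ITP closes can tell whether the uploaded version is affected.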
@@ -17713,7 +17713,7 @@ CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potent
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/c04f85f2bb96c442086d9ad057953567cc794486
NOTE: Negligible security impact
CVE-2022-0811 (A flaw was found in CRI-O in the way it set kernel options for a pod. ...)
- NOT-FOR-US: cri-o
+ - cri-o <itp> (bug #979702)
CVE-2022-26333
REJECTED
CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name fie ...)
@@ -22525,7 +22525,7 @@ CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the sta
CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
- NOT-FOR-US: cri-o
+ - cri-o <itp> (bug #979702)
CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
@@ -197882,7 +197882,7 @@ CVE-2019-14892 (A flaw was discovered in jackson-databind in versions before 2.9
NOTE: https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af
NOTE: https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related processes be ...)
- NOT-FOR-US: Kubernetes CRI-O
+ - cri-o <itp> (bug #979702)
CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where an attac ...)
NOT-FOR-US: Ansible Tower
CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in version ...)
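Review bot: The removed line in this hunk reads "NOT-FOR-US: Kubernetes CRI-O", while the 2022 entries earlier in the patch used "NOT-FOR-US: cri-o", so the old tag existed in at least two spellings. A search on one spelling would miss entries tagged with the other. The commit message says "some older NFUs", so a case-insensitive search of data/CVE/list for "cri-o" on NOT-FOR-US lines is worth running to confirm which entries, if any, are intentionally left as they are.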
@@ -264222,7 +264222,7 @@ CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2
NOTE: Only an issue when running on an NTFS filesystem.
NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Swi ...)
- NOT-FOR-US: Kubernetes CRI-O
+ - cri-o <itp> (bug #979702)
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
{DLA-2366-1 DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50eaccef52f8be82b95051495566244f90b821cf