[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 15 10:03:38 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df8df844 by Salvatore Bonaccorso at 2022-06-15T10:46:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3401,23 +3401,23 @@ CVE-2022-32245
 CVE-2022-32244
 	RESERVED
 CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32242 (When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files r ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32241 (When a user opens manipulated Portable Document Format (.pdf, PDFView. ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32240 (When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d)  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32239 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32238 (When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d)  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32237 (When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCor ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32236 (When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files rece ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-32235 (When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) fil ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-1987 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
 	- libmobi 0.11+dfsg-1
 	NOTE: https://huntr.dev/bounties/e8197737-7557-443e-a59f-2a86e8dda75f/
@@ -5400,7 +5400,7 @@ CVE-2022-31597
 CVE-2022-31596
 	RESERVED
 CVE-2022-31595 (SAP Financial Consolidation - version 1010,�does not perform ne ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31594 (A highly privileged user can exploit SUID-root program to escalate his ...)
 	TODO: check
 CVE-2022-31593
@@ -5410,7 +5410,7 @@ CVE-2022-31592
 CVE-2022-31591
 	RESERVED
 CVE-2022-31590 (SAP PowerDesigner Proxy - version 16.7, allows an attacker with low pr ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-31589 (Due to improper authorization check, business users who are using Isra ...)
 	TODO: check
 CVE-2022-31588
@@ -10886,15 +10886,15 @@ CVE-2022-29620 (** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain clea
 CVE-2022-29619
 	RESERVED
 CVE-2022-29618 (Due to insufficient input validation, SAP NetWeaver Development Infras ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-29617 (Due to improper error handling an authenticated user can crash CLA ass ...)
 	NOT-FOR-US: CLA assistant
 CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to l ...)
 	NOT-FOR-US: SAP
 CVE-2022-29615 (SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Ecli ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-29614 (SAP startservice - of SAP NetWeaver Application Server ABAP, Applicati ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-29613 (Due to insufficient input validation, SAP Employee Self Service allows ...)
 	NOT-FOR-US: SAP
 CVE-2022-29612 (SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df8df844c6c5e010b738cc54fb43ddc1ed703f04

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df8df844c6c5e010b738cc54fb43ddc1ed703f04
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220615/d6f680ad/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list