[Git][security-tracker-team/security-tracker][master] pluxml removed from unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 25 10:57:29 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
499fc50d by Salvatore Bonaccorso at 2022-06-25T11:57:03+02:00
pluxml removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26226,12 +26226,12 @@ CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allow
 CVE-2022-25021
 	RESERVED
 CVE-2022-25020 (A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows att ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	NOTE: https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf
 CVE-2022-25019
 	REJECTED
 CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary c ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	NOTE: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
 CVE-2022-25017 (Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulner ...)
 	NOT-FOR-US: Hitron CHITA
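Review bot: CVE-2022-25018 (arbitrary code execution) and CVE-2022-25020 now read `<removed>` with no per-release lines under them, whereas the CVE-2021-38603 and CVE-2021-38602 entries later in this patch keep `[buster]` and `[stretch]` annotations. If any supported release still ships pluxml, add an explicit per-release line under both entries, so that the code-execution issue in particular has a recorded triage decision for that release.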
@@ -27690,13 +27690,13 @@ CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site script
 CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
 	NOT-FOR-US: Flatpress
 CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf
 CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf
 CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
 CVE-2022-24584 (** DISPUTED ** Incorrect access control in Yubico OTP functionality of ...)
 	NOT-FOR-US: yubico.com
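Review bot: The three stored XSS entries here (CVE-2022-24587, CVE-2022-24586, CVE-2022-24585) carry only the unstable line and a NOTE, while the stored XSS entries CVE-2021-38603 and CVE-2021-38602 in the same file are triaged per release as `(Minor issue)`. Consider recording the same kind of per-release decision for these three, or a short NOTE on why none is needed, so that equivalent issues in the same package are handled consistently.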
@@ -60515,11 +60515,11 @@ CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
 CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	[buster] - pluxml <ignored> (Minor issue)
 	[stretch] - pluxml <no-dsa> (Minor issue)
 CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
-	- pluxml <unfixed> (bug #1008264)
+	- pluxml <removed> (bug #1008264)
 	[buster] - pluxml <ignored> (Minor issue)
 	[stretch] - pluxml <no-dsa> (Minor issue)
 CVE-2021-38601
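Review bot: For CVE-2021-38603 and CVE-2021-38602 the only per-release lines are `[buster]` and `[stretch]`, and the unstable line is now `<removed>`. Please confirm that no release newer than buster still carries pluxml, and add a line for it under both entries if one does.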
@@ -141537,12 +141537,12 @@ CVE-2020-18187
 CVE-2020-18186
 	RESERVED
 CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...)
-	- pluxml <unfixed> (unimportant; bug #973382)
+	- pluxml <removed> (unimportant; bug #973382)
 	NOTE: https://github.com/pluxml/PluXml/issues/321
 	NOTE: The attack vector is a little unusual but it would be quite expected that
 	NOTE: the admin can execute arbitrary php code.
 CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...)
-	- pluxml <unfixed> (unimportant; bug #973382)
+	- pluxml <removed> (unimportant; bug #973382)
 	NOTE: https://github.com/pluxml/PluXml/issues/320
 	NOTE: One could question whether this is a vulnerability at all. The
 	NOTE: developer documentation describes this as expected behavior.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/499fc50d340b4cb35393958eb5d0e91aec57ac05
