[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 3 05:55:03 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de5ad7f4 by Salvatore Bonaccorso at 2022-03-03T06:54:42+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4222,13 +4222,13 @@ CVE-2022-24722
 CVE-2022-24721
 	RESERVED
 CVE-2022-24720 (image_processing is an image processing wrapper for libvips and ImageM ...)
-	TODO: check
+	NOT-FOR-US: image_processing
 CVE-2022-24719 (Fluture-Node is a FP-style HTTP and streaming utils for Node based on  ...)
 	TODO: check
 CVE-2022-24718 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
-	TODO: check
+	NOT-FOR-US: ssr-pages
 CVE-2022-24717 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
-	TODO: check
+	NOT-FOR-US: ssr-pages
 CVE-2022-24716
 	RESERVED
 CVE-2022-24715
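Review bot: The label added for CVE-2022-24720 is the bare name image_processing, which is generic enough to be ambiguous when someone later searches the list; other entries in this file qualify the ecosystem, for example "NOT-FOR-US: Rust crate fruity". Consider a qualified label, and confirm the wrapper is not shipped under a differently named source package before closing it as NFU. CVE-2022-24719 (Fluture-Node) stays at "TODO: check" between the processed entries, which is fine if that is deliberate.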
@@ -4666,7 +4666,7 @@ CVE-2022-24596
 CVE-2022-24595
 	RESERVED
 CVE-2022-24594 (In waline 1.6.1, an attacker can submit messages using X-Forwarded-For ...)
-	TODO: check
+	NOT-FOR-US: waline
 CVE-2022-24593
 	RESERVED
 CVE-2022-24592
@@ -21889,7 +21889,7 @@ CVE-2021-43621
 CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...)
 	NOT-FOR-US: Rust crate fruity
 CVE-2021-43619 (Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in  ...)
-	TODO: check
+	NOT-FOR-US: Trusted Firmware M
 CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
 	{DLA-2837-1}
 	- gmp 2:6.2.1+dfsg-3 (bug #994405)
@@ -30165,7 +30165,7 @@ CVE-2021-41195 (TensorFlow is an open source platform for machine learning. In a
 CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...)
 	NOT-FOR-US: FirstUseAuthenticator for JupyterHub
 CVE-2021-41193 (wire-avs is the audio visual signaling (AVS) component of Wire, an ope ...)
-	TODO: check
+	NOT-FOR-US: wire-avs
 CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...)
 	NOT-FOR-US: Redash
 CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
@@ -30389,9 +30389,9 @@ CVE-2021-41114 (TYPO3 is an open source PHP based web content management system
 CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
 	NOT-FOR-US: Typo3
 CVE-2021-41112 (Rundeck is an open source automation service with a web console, comma ...)
-	TODO: check
+	NOT-FOR-US: Rundeck
 CVE-2021-41111 (Rundeck is an open source automation service with a web console, comma ...)
-	TODO: check
+	NOT-FOR-US: Rundeck
 CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
 	NOT-FOR-US: cwlviewer
 CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -37409,7 +37409,7 @@ CVE-2021-38270
 CVE-2021-38269
 	RESERVED
 CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and L ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2021-38267
 	RESERVED
 CVE-2021-38266
@@ -42617,7 +42617,7 @@ CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verificat
 CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-36171 (The use of a cryptographically weak pseudo-random number generator in  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...)
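Review bot: The line added for CVE-2021-36171 spells the label "FortiGuard", while the context entries directly above and below it (CVE-2021-36172, CVE-2021-36170) use "Fortiguard". Both spellings already exist in the file, but a case-sensitive search for one will miss the other; pick one spelling for new entries and consider normalising the old ones in a follow-up commit.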
@@ -42627,7 +42627,7 @@ CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('
 CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-36166 (An improper authentication vulnerability in FortiMail before 7.0.1 may ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
 	NOT-FOR-US: RICON Industrial Cellular Router
 CVE-2021-36164
@@ -51357,7 +51357,7 @@ CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in Forti
 CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-32586 (An improper input validation vulnerability in the web server CGI facil ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-32585
 	RESERVED
 CVE-2021-32584
@@ -107244,9 +107244,9 @@ CVE-2020-22847
 CVE-2020-22846
 	RESERVED
 CVE-2020-22845 (A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated att ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-22844 (A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated att ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik
 CVE-2020-22843
 	RESERVED
 CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...)
@@ -122175,7 +122175,7 @@ CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) travers
 CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
 	NOT-FOR-US: FortiGate FortiGuard
 CVE-2020-15936 (A improper input validation in Fortinet FortiGate version 6.4.3 and be ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
 	NOT-FOR-US: Fortiguard
 CVE-2020-15934
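Review bot: The label added for CVE-2020-15936 is only "FortiGuard", although its description names Fortinet FortiGate and the neighbouring CVE-2020-15937 entry, also a FortiGate issue, is labelled "FortiGate FortiGuard". Using the affected product (or the vendor name from the description) would keep the two adjacent entries consistent and make the NFU reason checkable from the line itself.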



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de5ad7f4bd94d850959a6184d41e95a574e91d01
