[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 7 17:52:40 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d54620b9 by Moritz Muehlenhoff at 2022-03-07T18:52:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2022-0871
 CVE-2022-0870
 	RESERVED
 CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
-	TODO: check
+	NOT-FOR-US: Spirit forum software
 CVE-2022-26507
 	RESERVED
 CVE-2022-26506
@@ -88,7 +88,7 @@ CVE-2021-46703 (** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine compo
 CVE-2020-36517
 	RESERVED
 CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...)
-	TODO: check
+	NOT-FOR-US: Node urijs
 CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
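Review bot: the label "Node urijs" on the CVE-2022-0868 entry does not match the upstream name given in the description on the line above it (medialize/uri.js). Writing it as "NOT-FOR-US: Node uri.js (medialize/uri.js)" would let a later search for the upstream name find this entry.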
@@ -312,7 +312,7 @@ CVE-2022-0849 (Use After Free in r_reg_get_name_idx in GitHub repository radareo
 	NOTE: https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6
 	NOTE: https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24
 CVE-2022-0848 (OS Command Injection in GitHub repository part-db/part-db prior to 0.5 ...)
-	TODO: check
+	NOT-FOR-US: part-db
 CVE-2022-26412
 	RESERVED
 CVE-2022-26411
@@ -374,7 +374,7 @@ CVE-2022-0847
 CVE-2022-0846
 	RESERVED
 CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-lightning ...)
-	TODO: check
+	NOT-FOR-US: pytorchlightning
 CVE-2022-26387
 	RESERVED
 CVE-2022-26386
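Review bot: the label on the CVE-2022-0845 entry, "pytorchlightning", is the GitHub organisation name rather than the project, which the description gives as pytorchlightning/pytorch-lightning. Suggest "NOT-FOR-US: pytorch-lightning" so the entry is matched by a search for the software name.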
@@ -412,9 +412,9 @@ CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in
 CVE-2022-0840
 	RESERVED
 CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
-	TODO: check
+	NOT-FOR-US: liquibase
 CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0837
 	RESERVED
 CVE-2022-0836
@@ -484,7 +484,7 @@ CVE-2022-26343
 CVE-2022-26337
 	RESERVED
 CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...)
-	TODO: check
+	NOT-FOR-US: poi-scratchpad
 CVE-2022-26335
 	RESERVED
 CVE-2022-26334
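Review bot: the CVE-2022-26336 description says the HMEF package of poi-scratchpad belongs to Apache POI, but the new label names only the sub-module, which gives no record that the parent project was considered. Please confirm that no Apache POI source package in the archive ships the scratchpad/HMEF code before marking this NOT-FOR-US. If NFU stands, a label such as "NOT-FOR-US: Apache POI poi-scratchpad" would make the decision visible.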
@@ -1780,7 +1780,7 @@ CVE-2022-0754
 CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hes ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0751
 	RESERVED
 	[experimental] - gitlab 14.6.5+ds1-1
@@ -2884,7 +2884,7 @@ CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privi
 CVE-2022-0698
 	RESERVED
 CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. ...)
-	TODO: check
+	NOT-FOR-US: Archivy
 CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -3082,7 +3082,7 @@ CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm al
 CVE-2022-25316
 	RESERVED
 CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Apache Any23
 CVE-2022-21132
 	RESERVED
 CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
@@ -3898,7 +3898,7 @@ CVE-2022-25071
 CVE-2022-25070
 	RESERVED
 CVE-2022-25069 (Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scr ...)
-	TODO: check
+	NOT-FOR-US: MarkText
 CVE-2022-25068
 	RESERVED
 CVE-2022-25067
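Review bot: the label "MarkText" on the CVE-2022-25069 entry is spelled differently from the description on the line above it, which has "Mark Text". Using the description's spelling would keep the entry findable with the same search string.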
@@ -4728,7 +4728,7 @@ CVE-2022-24720 (image_processing is an image processing wrapper for libvips and
 	NOTE: https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
 	NOTE: https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada (v1.12.2)
 CVE-2022-24719 (Fluture-Node is a FP-style HTTP and streaming utils for Node based on  ...)
-	TODO: check
+	NOT-FOR-US: Fluture-Node
 CVE-2022-24718 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
 	NOT-FOR-US: ssr-pages
 CVE-2022-24717 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d54620b9a0a6964a7355d11794c80ea1d4a9976f
