[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 14 21:22:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8771cfa8 by Salvatore Bonaccorso at 2022-03-14T22:22:21+01:00
Process some NFUs
- - - - -
f3441c2d by Salvatore Bonaccorso at 2022-03-14T22:22:21+01:00
Add CVE-2021-36368/openssh
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7384,13 +7384,13 @@ CVE-2022-24389
CVE-2022-24388
RESERVED
CVE-2022-24387 (With administrator or admin privileges the application can be tricked ...)
- TODO: check
+ NOT-FOR-US: SmarterTrack
CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...)
- TODO: check
+ NOT-FOR-US: SmarterTrack
CVE-2022-24385 (A Direct Object Access vulnerability in SmarterTools SmarterTrack lead ...)
- TODO: check
+ NOT-FOR-US: SmarterTrack
CVE-2022-24384 (Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack ...)
- TODO: check
+ NOT-FOR-US: SmarterTrack
CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
NOT-FOR-US: CSV+
CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
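Review bot: for CVE-2022-24387, the first entry in this hunk, the visible description ("With administrator or admin privileges the application can be tricked ...") is cut off before any product name appears, so the SmarterTrack attribution cannot be checked from these lines the way it can for CVE-2022-24386, CVE-2022-24385 and CVE-2022-24384, whose descriptions name SmarterTools SmarterTrack. Confirm against the full CVE description that this one belongs to the same product before it is closed as "NOT-FOR-US: SmarterTrack".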
@@ -30087,7 +30087,7 @@ CVE-2021-42173
CVE-2021-42172
RESERVED
CVE-2021-42171 (Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2021-42170
RESERVED
CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
@@ -30667,7 +30667,7 @@ CVE-2021-41954
CVE-2021-41953
RESERVED
CVE-2021-41952 (Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via ...)
- TODO: check
+ NOT-FOR-US: Zenario CMS
CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
NOT-FOR-US: ResourceSpace
CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...)
@@ -44523,7 +44523,9 @@ CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. Wh
CVE-2021-36369
RESERVED
CVE-2021-36368 (** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a cli ...)
- TODO: check
+ - openssh 1:8.9p1-1
+ NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
+ NOTE: https://docs.ssh-mitm.at/trivialauth.html
CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...)
- putty 0.75-3 (bug #990901)
[bullseye] - putty <no-dsa> (Minor issue)
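Review bot: the new CVE-2021-36368 entry records only the fixed version ("- openssh 1:8.9p1-1") and two reference NOTEs, while the description line carries "** DISPUTED **" and nothing in the entry says how the dispute affects triage. A short NOTE summarising why the issue is disputed, plus either a severity tag on the package line or explicit per-release lines in the style of the PuTTY entry just below ("[bullseye] - putty <no-dsa> (Minor issue)"), would make clear whether the stable releases are expected to get a fix or whether this is treated as a minor issue fixed only in 1:8.9p1-1 and later.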
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1dc304dee50672f7eef89858a7118fd58977779b...f3441c2d9e0f6c731b0c4e393c90cf530b7b84f6