[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 18 20:04:56 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc78afed by Salvatore Bonaccorso at 2022-03-18T21:04:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -90,7 +90,7 @@ CVE-2022-0995 [kernel bug in the watch_queue subsystem]
 CVE-2022-0994
 	RESERVED
 CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2022-27224
 	RESERVED
 CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16 ...)
@@ -356,7 +356,7 @@ CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely load
 CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Ve ...)
 	NOT-FOR-US: KINGSOFT
 CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav  ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2022-0969
 	RESERVED
 CVE-2022-0968 (The microweber application allows large characters to insert in the in ...)
@@ -3571,7 +3571,7 @@ CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Poll
 CVE-2022-25353
 	RESERVED
 CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype Polluti ...)
-	TODO: check
+	NOT-FOR-US: libnested
 CVE-2022-25351
 	RESERVED
 CVE-2022-25350
@@ -4952,7 +4952,7 @@ CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, althou
 CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2022-25364 (In Gradle Enterprise before 2021.4.2, the default built-in build cache ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
 	NOT-FOR-US: WatchGuard
 CVE-2022-25362



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc78afed221d321b74d8a3d2c1a762d381336648

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc78afed221d321b74d8a3d2c1a762d381336648
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220318/653074b7/attachment.htm>

More information about the debian-security-tracker-commits mailing list