[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Mar 23 20:31:00 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32485e0f by Salvatore Bonaccorso at 2022-03-23T21:30:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1115,7 +1115,7 @@ CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpa
 CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
-	TODO: check
+	NOT-FOR-US: Crater
 CVE-2022-1032
 	RESERVED
 CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/radare2  ...)
@@ -3378,17 +3378,17 @@ CVE-2022-0864
 CVE-2022-0863
 	RESERVED
 CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orche ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0860 (Improper Authorization in GitHub repository cobbler/cobbler prior to 3 ...)
 	- cobbler <removed>
 CVE-2022-0859 (McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 a ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0858 (A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolic ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0857 (A reflected cross-site scripting (XSS) vulnerability in McAfee Enterpr ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, which allow ...)
 	- libcaca <unfixed> (unimportant)
 	NOTE: https://github.com/cacalabs/libcaca/issues/65
@@ -3552,7 +3552,7 @@ CVE-2022-0843
 	- firefox 98.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-0843
 CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orche ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0. ...)
 	NOT-FOR-US: ljharb/npm-lockfile
 CVE-2022-0840
@@ -5785,9 +5785,9 @@ CVE-2022-25520
 CVE-2022-25519
 	RESERVED
 CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a  ...)
-	TODO: check
+	NOT-FOR-US: CMDBuild
 CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: MyBatis plus
 CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow  ...)
 	- libstb <unfixed> (unimportant)
 	NOTE: https://github.com/nothings/stb/issues/1287



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32485e0fcfcac7bd90767dde9c079eaf17ec4568

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32485e0fcfcac7bd90767dde9c079eaf17ec4568
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220323/e14c70ec/attachment.htm>
