[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu Mar 24 15:27:31 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd943003 by Neil Williams at 2022-03-24T15:27:03+00:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2110,7 +2110,7 @@ CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/sh
 CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHu ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub  ...)
-	TODO: check
+	NOT-FOR-US: sqlpad
 CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim  ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -5103,7 +5103,7 @@ CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable to
 CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socket cli ...)
 	NOT-FOR-US: SinGooCMS
 CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...)
-	TODO: check
+	NOT-FOR-US: Node post-loader
 CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to  ...)
@@ -6628,7 +6628,7 @@ CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0652 (Confd log files contain local users', including root’s, SHA512cr ...)
-	TODO: check
+	NOT-FOR-US: Sophos UTM
 CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0650
@@ -6868,7 +6868,7 @@ CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier
 CVE-2022-21159
 	RESERVED
 CVE-2022-0618 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
-	TODO: check
+	NOT-FOR-US: swift-nio-http2
 CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
 	{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
 	- linux 5.16.7-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9430030bb41fe404908b0f737522ed5cfa483c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd9430030bb41fe404908b0f737522ed5cfa483c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220324/b5a7dca5/attachment.htm>

More information about the debian-security-tracker-commits mailing list