[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri Mar 25 11:38:45 GMT 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6717c83 by Neil Williams at 2022-03-25T11:37:24+00:00
Process some NFUs

- - - - -
0c9166e3 by Neil Williams at 2022-03-25T11:38:22+00:00
CVE-2022-22771/jasperreports <removed>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1522,7 +1522,7 @@ CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via t
 	[stretch] - packagekit <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
 CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...)
-	TODO: check
+	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0985
 	RESERVED
 CVE-2022-0984
@@ -11893,7 +11893,7 @@ CVE-2022-0317 (An improper input validation vulnerability in go-attestation befo
 CVE-2022-0316
 	RESERVED
 CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to  ...)
-	TODO: check
+	NOT-FOR-US: horovod
 CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-23778
@@ -15284,7 +15284,8 @@ CVE-2022-22773
 CVE-2022-22772
 	RESERVED
 CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO JasperReports Libr ...)
-	TODO: check
+	- jasperreports <removed>
+	NOTE: https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771
 CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
 	NOT-FOR-US: TIBCO
 CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
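Review bot: At CVE-2022-22771, `- jasperreports <removed>` records only that the package is gone from unstable, and the entry has no per-release line of the kind visible in the first hunk (`[stretch] - packagekit <no-dsa> (Minor issue)`). If jasperreports is still shipped in any supported suite, that suite needs its own status line. Since the description is about "The Server component", a short NOTE on whether the Debian source ever contained the affected component would also save the next triager a lookup.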
@@ -15690,7 +15691,7 @@ CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded
 	NOTE: https://redmine.lighttpd.net/issues/3134
 	NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
 CVE-2022-22706 (An Arm product family through 2022-01-03 has an Exposed Dangerous Meth ...)
-	TODO: check
+	NOT-FOR-US: ARM Mali GPU driver
 CVE-2022-22705
 	RESERVED
 CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
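Review bot: On CVE-2022-22706 the NOT-FOR-US text spells the vendor "ARM" while the description on the line above uses "Arm" ("An Arm product family through 2022-01-03 ..."). A style point only: "Arm Mali GPU driver" would match the description and keep later searches of the list consistent.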
@@ -15726,9 +15727,9 @@ CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoAp
 CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
 	NOT-FOR-US: CA Harvest Software Change Manager
 CVE-2022-22688 (Improper neutralization of special elements used in a command ('Comman ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
-	TODO: check
+	NOT-FOR-US: Synology DiskStation Manager
 CVE-2022-22686
 	RESERVED
 CVE-2022-22685
@@ -20366,9 +20367,9 @@ CVE-2022-21948
 CVE-2022-21947
 	RESERVED
 CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers configura ...)
-	TODO: check
+	NOT-FOR-US: SUSE cscreen
 CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE Factory ...)
-	TODO: check
+	NOT-FOR-US: SUSE cscreen
 CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd  ...)
 	NOT-FOR-US: SUSE packaging issue in watchman
 CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
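Review bot: The two cscreen entries (CVE-2022-21946, CVE-2022-21945) are tagged "SUSE cscreen", while the adjacent CVE-2022-21944 uses the form "SUSE packaging issue in watchman". The visible descriptions point at a "sudoers configura ..." and at "cscreen of openSUSE Factory", which reads as SUSE-specific packaging. If that is the reason for the NFU, the same wording ("SUSE packaging issue in cscreen") would state the reason and keep the three neighbouring entries uniform.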



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e50a08fde5098fb2aa43136076c34db58532ec7...0c9166e344127ad65669038dca4414a43bf2cc84
