[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 31 21:18:28 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26a6ddf5 by Salvatore Bonaccorso at 2022-03-31T22:18:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -239,7 +239,7 @@ CVE-2022-28225
 CVE-2022-28224
 	RESERVED
 CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2022-1190
 	RESERVED
 CVE-2022-1189
@@ -277,7 +277,7 @@ CVE-2022-1178 (Stored Cross Site Scripting in GitHub repository openemr/openemr
 CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub repo ...)
 	NOT-FOR-US: OpenEMR
 CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2022-1175
 	RESERVED
 CVE-2022-1174
@@ -645,11 +645,11 @@ CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (
 CVE-2020-36521
 	RESERVED
 CVE-2022-28128 (Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and ear ...)
-	TODO: check
+	NOT-FOR-US: AttacheCase
 CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and ...)
-	TODO: check
+	NOT-FOR-US: Zero-channel BBS Plus
 CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and ear ...)
-	TODO: check
+	NOT-FOR-US: AttacheCase
 CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in  ...)
 	- openjpeg2 <unfixed>
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1368



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26a6ddf5e92b9f810ecd6bd057b85444fb12675c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26a6ddf5e92b9f810ecd6bd057b85444fb12675c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220331/f1c09d5c/attachment.htm>

More information about the debian-security-tracker-commits mailing list