[Git][security-tracker-team/security-tracker][master] 3 commits: Move one older CVE from NFU status to the ITP'ed entry
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 12 11:47:47 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc133236 by Salvatore Bonaccorso at 2022-05-12T12:34:50+02:00
Move one older CVE from NFU status to the ITP'ed entry
- - - - -
4edb1882 by Salvatore Bonaccorso at 2022-05-12T12:46:16+02:00
Add two new libsixel issues
- - - - -
15a41816 by Salvatore Bonaccorso at 2022-05-12T12:47:12+02:00
Process three NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2022-30595
CVE-2022-30593
RESERVED
CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...)
- TODO: check
+ NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC)
CVE-2022-30591
RESERVED
CVE-2022-30590
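Review bot: The NOT-FOR-US line for CVE-2022-30592 does not record whether embedded copies were looked for. The description points at a single source file, liblsquic/lsquic_qenc_hdl.c, so a source search of the archive for that file name before closing the entry would confirm that no package bundles it; if one does, the entry needs a package line instead of NOT-FOR-US.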
@@ -1647,13 +1647,15 @@ CVE-2022-29980
CVE-2022-29979
RESERVED
CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize, ...)
- TODO: check
+ - libsixel <unfixed>
+ NOTE: https://github.com/saitoha/libsixel/issues/166
CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, stb_ima ...)
- TODO: check
+ - libsixel <unfixed>
+ NOTE: https://github.com/saitoha/libsixel/issues/165
CVE-2022-29976 (An Authenticated Reflected Cross-site scripting at BCC Parameter was d ...)
- TODO: check
+ NOT-FOR-US: MDaemon
CVE-2022-29975 (An Authenticated Reflected Cross-site scripting at CC Parameter was di ...)
- TODO: check
+ NOT-FOR-US: MDaemon
CVE-2022-29974
RESERVED
CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
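Review bot: For CVE-2022-29977 the description places the assertion failure in stbi__jpeg_huff_decode, yet the entry added here tracks only libsixel. A NOTE stating whether that function lives in a copy bundled with libsixel, and whether other source packages carrying the same code were checked, would make the triage reproducible. Both new "- libsixel <unfixed>" lines also lack a Debian bug reference; the upstream issues 165 and 166 are noted, so filing bugs and appending "(bug #NNNNNN)" (placeholder) would complete the entries.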
@@ -461365,7 +461367,7 @@ CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-
{DSA-2347-1}
- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commenting ...)
- NOT-FOR-US: Review Board
+ - reviewboard <itp> (bug #653113)
CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...)
NOT-FOR-US: ResourceSpace
CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers to cor ...)
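Review bot: On CVE-2011-4312, the switch from "NOT-FOR-US: Review Board" to "- reviewboard <itp> (bug #653113)" covers one entry only, as the commit subject says. Any other entries in data/CVE/list still tagged "NOT-FOR-US: Review Board" should be moved to the same itp line in this pass, otherwise the ITP will not see the full set of open issues when the package is uploaded.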
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c793fac0779f6f6345aaec8cda939d8f7183b2a9...15a4181615006627fceef646e332cf97ab34ea30