[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon May 23 10:11:01 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
533234ea by Neil Williams at 2022-05-23T10:10:40+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2022-29524
 CVE-2022-29506
 	RESERVED
 CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to  ...)
-	TODO: check
+	NOT-FOR-US: yogeshojha/rengine
 CVE-2022-1812
 	RESERVED
 CVE-2022-1811
@@ -5782,11 +5782,11 @@ CVE-2022-29186 (Rundeck is an open source automation service with a web console,
 CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA authentific ...)
 	TODO: check
 CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0 ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4. ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2022-29182 (GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21 ...)
-	TODO: check
+	NOT-FOR-US: ThoughtWorks GoCD
 CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...)
 	- ruby-nokogiri <unfixed> (unimportant)
 	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
@@ -6384,7 +6384,7 @@ CVE-2022-28997
 CVE-2022-28996
 	RESERVED
 CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...)
-	TODO: check
+	NOT-FOR-US: reNgine
 CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...)
 	NOT-FOR-US: Small HTTP Server
 CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers to perfo ...)
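Review bot: the label on CVE-2022-28995 is "reNgine", while the first hunk of this same commit marks CVE-2022-1813, whose description names the GitHub repository yogeshojha/rengine, as "NOT-FOR-US: yogeshojha/rengine". If both entries refer to the same project, use one label for both so that a search on either spelling finds every entry.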
@@ -12991,7 +12991,7 @@ CVE-2022-0885
 CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security  ...)
-	TODO: check
+	NOT-FOR-US: SnowGlobe Licence Manager
 CVE-2022-0882 (A bug exists where an attacker can read the kernel log through exposed ...)
 	NOT-FOR-US: Google fuchsia
 CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
@@ -15211,7 +15211,7 @@ CVE-2022-21211
 CVE-2022-21208
 	RESERVED
 CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
-	TODO: check
+	NOT-FOR-US: AlexFlipnote/url_regex
 CVE-2022-21192
 	RESERVED
 CVE-2022-21191
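Review bot: the label on CVE-2022-21195 reads "AlexFlipnote/url_regex" (underscore, with an owner prefix), but the description names the package as "url-regex" (hyphen, no owner). Confirm that the two refer to the same package before closing this as NOT-FOR-US, and if the mapping is not obvious, record where it comes from in a NOTE line.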
@@ -17317,7 +17317,7 @@ CVE-2021-45721
 CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
 	NOT-FOR-US: JFrog Artifactory
 CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: JFrog Artifactory
 CVE-2021-23163
 	RESERVED
 CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and Liferay D ...)
@@ -19552,7 +19552,7 @@ CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remov
 	NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
 	NOTE: CONFIG_MMC_MOXART is not set in Debian.
 CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...)
-	TODO: check
+	NOT-FOR-US: Fidelis
 CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image]
 	RESERVED
 	- libnbd 1.10.5-1 (bug #1005307)
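Review bot: "NOT-FOR-US: Fidelis" on CVE-2022-0486 names only a vendor, whereas the description lists specific components (CommandPost, Collector, Sensor, ...) and the other labels in this commit name a product or repository. A product-level label would make it easier to tell later whether a future Fidelis CVE falls under the same decision.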



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/533234ea0e0c5463b5194724076cda36475d60da
