[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Thu May 26 10:36:14 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
872e619b by Neil Williams at 2022-05-26T10:35:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6919,7 +6919,7 @@ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and
 CVE-2022-29247
 	RESERVED
 CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29245
 	RESERVED
 CVE-2022-29244
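
Review bot: the new label on CVE-2022-29246 names the vendor ("NOT-FOR-US: Microsoft") rather than the product the description gives, Azure RTOS USBX. Other labels in this patch name the project itself ("NOT-FOR-US: chainsafe/lodestar", "NOT-FOR-US: xxl-job"); something like "NOT-FOR-US: Microsoft Azure RTOS USBX" would keep the triage decision scoped to that product. The same applies to the identical label on CVE-2022-29223.
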
@@ -6965,7 +6965,7 @@ CVE-2022-29225
 CVE-2022-29224
 	RESERVED
 CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
 	- snowflake <unfixed> (bug #1011458)
 	NOTE: https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh
@@ -6976,7 +6976,7 @@ CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation
 CVE-2022-29220
 	RESERVED
 CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...)
-	TODO: check
+	NOT-FOR-US: chainsafe/lodestar
 CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...)
 	NOT-FOR-US: rubygems/rubygems.org
 CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple  ...)
@@ -6984,9 +6984,9 @@ CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports mul
 CVE-2022-29216 (TensorFlow is an open source platform for machine learning. Prior to v ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain events i ...)
-	TODO: check
+	NOT-FOR-US: PocketMine plugin
 CVE-2022-29214 (NextAuth.js (next-auth) is am open source authentication solution for  ...)
-	TODO: check
+	NOT-FOR-US: NextAuth.js
 CVE-2022-29213 (TensorFlow is an open source platform for machine learning. Prior to v ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2022-29212 (TensorFlow is an open source platform for machine learning. Prior to v ...)
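
Review bot: "NOT-FOR-US: PocketMine plugin" on CVE-2022-29215 records a category, not the product. The description names the plugin as RegionProtect, and the entry directly below uses the product name ("NOT-FOR-US: NextAuth.js"). Suggest "NOT-FOR-US: RegionProtect plugin for PocketMine" so the label identifies what was judged out of scope.
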
@@ -7645,7 +7645,7 @@ CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-s
 CVE-2022-29003
 	RESERVED
 CVE-2022-29002 (A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: xxl-job
 CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix parameter is not ...)
 	NOT-FOR-US: SpringBootMovie
 CVE-2022-29000
@@ -80643,7 +80643,7 @@ CVE-2021-27781
 CVE-2021-27780
 	RESERVED
 CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2021-27778
 	RESERVED
 CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly  ...)
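
Review bot: "NOT-FOR-US: HCL" on CVE-2021-27779 is vendor-only, while the description identifies the product as VersionVault Express. A label such as "NOT-FOR-US: HCL VersionVault Express" makes clear the decision covers that product rather than everything from the vendor.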



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872e619bc6e0dfb0b71fb6e6d84258db02960ec5
