[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 7 21:05:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51427391 by Salvatore Bonaccorso at 2022-11-07T22:03:53+01:00
Process some NFUs

- - - - -
f694f871 by Salvatore Bonaccorso at 2022-11-07T22:04:41+01:00
Add CVE-2022-31256/sendmail

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20595,9 +20595,9 @@ CVE-2022-38166
 CVE-2022-38165
 	RESERVED
 CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2022-38163 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...)
 	NOT-FOR-US: WithSecure
 CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
@@ -21652,7 +21652,7 @@ CVE-2022-37712
 CVE-2022-37711
 	RESERVED
 CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ...)
-	TODO: check
+	NOT-FOR-US: Patterson Dental Eaglesoft
 CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...)
 	NOT-FOR-US: Tesla
 CVE-2022-37708
@@ -30745,7 +30745,7 @@ CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not e
 CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2188 (Privilege escalation vulnerability in DXL Broker for Windows prior to  ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise  ...)
@@ -39125,7 +39125,8 @@ CVE-2022-1808 (Execution with Unnecessary Privileges in GitHub repository polone
 CVE-2022-31257 (A vulnerability has been identified in Mendix Applications using Mendi ...)
 	NOT-FOR-US: Mendix
 CVE-2022-31256 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
-	TODO: check
+	- sendmail <not-affected> (Vulnerability in SUSE-specific script used in sentmail-client.service service unit)
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1204696
 CVE-2022-31255
 	RESERVED
 	NOT-FOR-US: Uyuni
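Review bot: The <not-affected> reason on the added sendmail line for CVE-2022-31256 names the unit as "sentmail-client.service", which looks like a typo for "sendmail-client.service" given that the entry is filed against the sendmail package. Correcting the spelling keeps the entry findable when someone searches the list for the unit name. The explanation itself (SUSE-specific script, with the SUSE bugzilla NOTE as reference) is a clear justification for the not-affected status.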
@@ -62282,7 +62283,7 @@ CVE-2022-23736
 CVE-2022-23735
 	RESERVED
 CVE-2022-23734 (A deserialization of untrusted data vulnerability was identified in Gi ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise Server  ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
@@ -83089,7 +83090,7 @@ CVE-2021-42207
 CVE-2021-42206
 	RESERVED
 CVE-2021-42205 (ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC ...)
-	TODO: check
+	NOT-FOR-US: ELAN Miniport touchpad Windows driver
 CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
 	- swftools <removed>
 	[stretch] - swftools <no-dsa> (Minor issue)
@@ -105930,17 +105931,17 @@ CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, Intel
 CVE-2021-33082 (Sensitive information in resource not removed before reuse in firmware ...)
 	NOT-FOR-US: Intel
 CVE-2021-33081 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
-	TODO: check
+	NOT-FOR-US: firmware for some Intel(R) SSD DC Products
 CVE-2021-33080 (Exposure of sensitive system information due to uncleared debug inform ...)
 	NOT-FOR-US: Intel
 CVE-2021-33079 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
-	TODO: check
+	NOT-FOR-US: firmware for some Intel(R) SSD DC Products
 CVE-2021-33078 (Race condition within a thread in firmware for some Intel(R) Optane(TM ...)
 	NOT-FOR-US: Intel
 CVE-2021-33077 (Insufficient control flow management in firmware for some Intel(R) SSD ...)
 	NOT-FOR-US: Intel
 CVE-2021-33076 (Improper authentication in firmware for some Intel(R) SSD DC Products  ...)
-	TODO: check
+	NOT-FOR-US: firmware for some Intel(R) SSD DC Products
 CVE-2021-33075 (Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R)  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) SSD, Intel( ...)
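Review bot: The three added lines for CVE-2021-33081, CVE-2021-33079 and CVE-2021-33076 use "NOT-FOR-US: firmware for some Intel(R) SSD DC Products", while every neighbouring Intel SSD/Optane firmware entry in this hunk (CVE-2021-33082, -33080, -33078, -33077, -33075) uses the short form "NOT-FOR-US: Intel". Consider using "NOT-FOR-US: Intel" here as well so that the same product family carries one tag and tooling or greps keyed on the NFU string treat these entries consistently.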
@@ -187714,7 +187715,7 @@ CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below
 CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
 	NOT-FOR-US: Beckhoff
 CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...)
-	TODO: check
+	NOT-FOR-US: s::can moni::tools
 CVE-2020-12508
 	RESERVED
 CVE-2020-12507



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/758d6dd5ca3ac04b3bc64c09e4a6d8b69fe47ba6...f694f871c9ea01f7583030a43bc156be710d99b0
