[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 14 15:21:53 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8dbf76de by Moritz Muehlenhoff at 2022-11-14T16:21:32+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,7 +14,7 @@ CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified a
 	[bullseye] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 (nagvis-1.9.34)
 CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2022-3977
 	RESERVED
 	- linux 6.0.2-1
@@ -22,7 +22,7 @@ CVE-2022-3977
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3a732b46736cd8a29092e4b0b1a9ba83e672bf89 (6.1-rc1)
 CVE-2022-3976 (A vulnerability has been found in MZ Automation libiec61850 up to 1.4  ...)
-	TODO: check
+	NOT-FOR-US: libIEC61850
 CVE-2022-3975 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: NukeViet CMS
 CVE-2022-3974 (A vulnerability classified as critical was found in Axiomatic Bento4.  ...)
@@ -32,7 +32,7 @@ CVE-2022-3973 (A vulnerability classified as critical has been found in Pingkon
 CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated as cri ...)
 	NOT-FOR-US: Pingkon HMS-PHP
 CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...)
-	TODO: check
+	NOT-FOR-US: matrix-appservice-irc
 CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...)
 	- tiff <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137
@@ -53,11 +53,11 @@ CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpe
 CVE-2022-45197
 	RESERVED
 CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of service ( ...)
-	TODO: check
+	NOT-FOR-US: Hyperledger Fabric
 CVE-2022-45195 (SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not a ...)
-	TODO: check
+	NOT-FOR-US: SimpleXMQ
 CVE-2022-3963 (A vulnerability was found in gnuboard5. It has been classified as prob ...)
-	TODO: check
+	NOT-FOR-US: Gnuboard
 CVE-2022-45194 (CBRN-Analysis before 22 allows XXE attacks via am mws XML document, le ...)
 	NOT-FOR-US: CBRN-Analysis
 CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public Profile ...)
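Review bot: On CVE-2022-45195 the label names only SimpleXMQ, while the description says the issue applies to "SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2". Consider `NOT-FOR-US: SimpleXMQ / SimpleX Chat` so the label covers both products the description names. In the same hunk, CVE-2022-3963 is described as gnuboard5 but labelled `Gnuboard`; spelling the label the way the description does keeps the two consistent.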
@@ -82,7 +82,7 @@ CVE-2022-45185
 CVE-2022-45184
 	RESERVED
 CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...)
-	TODO: check
+	NOT-FOR-US: Ironman
 CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module  ...)
 	NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV)
 CVE-2022-45181
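Review bot: `NOT-FOR-US: Ironman` on CVE-2022-45183 is only part of the vendor name and omits the product; the description reads "Ironman Software PowerSh ...". Suggest using the full vendor and product name from the complete CVE description, in the way the neighbouring entry spells out `NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV)`.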
@@ -162,7 +162,7 @@ CVE-2022-45148
 CVE-2022-45147
 	RESERVED
 CVE-2022-3959 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Drogon
 CVE-2022-3958
 	RESERVED
 CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected  ...)
@@ -196,7 +196,7 @@ CVE-2022-3947 (A vulnerability classified as critical has been found in eolinker
 CVE-2022-3946
 	RESERVED
 CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
-	TODO: check
+	NOT-FOR-US: Kavita
 CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been declared as c ...)
 	NOT-FOR-US: jerryhanjj ERP
 CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as probl ...)
@@ -210,11 +210,11 @@ CVE-2022-45145
 CVE-2022-45144
 	RESERVED
 CVE-2022-3941 (A vulnerability has been found in Activity Log Plugin and classified a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3940 (A vulnerability, which was classified as problematic, was found in lan ...)
-	TODO: check
+	NOT-FOR-US: lanyulei ferry
 CVE-2022-3939 (A vulnerability, which was classified as critical, has been found in l ...)
-	TODO: check
+	NOT-FOR-US: lanyulei ferry
 CVE-2022-3938
 	RESERVED
 CVE-2022-3937
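Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2022-3941 does not name the affected software; the description identifies it as "Activity Log Plugin", and the visible part of the summary does not mention WordPress. Suggest a label that names the plugin, for example `NOT-FOR-US: Activity Log plugin for WordPress`, so this entry can be told apart from other plugin CVEs.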
@@ -6646,7 +6646,7 @@ CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by o
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0)
 	NOTE: Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0)
 CVE-2022-43679 (The Docker image of ownCloud Server through 10.11 contains a misconfig ...)
-	TODO: check
+	NOT-FOR-US: Docker image of ownCloud Server
 CVE-2022-43678
 	RESERVED
 CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dbf76deb3f1a47f8a815a2c7bc805522889a844
