[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 14 18:01:06 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24563c0c by Moritz Muehlenhoff at 2022-11-14T19:00:28+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11286,11 +11286,11 @@ CVE-2022-41908
 CVE-2022-41907
 	RESERVED
 CVE-2022-41906 (OpenSearch Notifications is a notifications plugin for OpenSearch that ...)
-	TODO: check
+	NOT-FOR-US: OpenSearch plugin
 CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI. Imple ...)
-	TODO: check
+	NOT-FOR-US: WsgiDAV
 CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...)
-	TODO: check
+	NOT-FOR-US: Element iOS
 CVE-2022-41903
 	RESERVED
 CVE-2022-41902
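Review bot: The note for CVE-2022-41906 reads "OpenSearch plugin", which names a category rather than the product, while the description on the line above gives "OpenSearch Notifications". Suggest "NOT-FOR-US: OpenSearch Notifications" so a later search for the plugin name finds this entry, in line with the other two notes in this hunk (WsgiDAV, Element iOS), which use the product name from the description.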
@@ -11314,7 +11314,7 @@ CVE-2022-41894
 CVE-2022-41893
 	RESERVED
 CVE-2022-41892 (Arches is a web platform for creating, managing, & visualizing geo ...)
-	TODO: check
+	NOT-FOR-US: Arches
 CVE-2022-41891
 	RESERVED
 CVE-2022-41890
@@ -11346,7 +11346,7 @@ CVE-2022-41878 (Parse Server is an open source backend that can be deployed to a
 CVE-2022-41877
 	RESERVED
 CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
-	TODO: check
+	NOT-FOR-US: ezplatform-graphql
 CVE-2022-41875
 	RESERVED
 CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...)
@@ -17382,7 +17382,7 @@ CVE-2022-39397
 CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Node parse-server
 CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
-	TODO: check
+	NOT-FOR-US: Vela
 CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
 	NOT-FOR-US: wasmtime
 CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...)
@@ -17458,7 +17458,7 @@ CVE-2022-39368 (Eclipse Californium is a Java implementation of RFC7252 - Constr
 CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery.  ...)
 	NOT-FOR-US: QTIWorks
 CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45,  ...)
-	TODO: check
+	NOT-FOR-US: DataHub
 CVE-2022-39365 (Pimcore is an open source data and experience management platform. Pri ...)
 	NOT-FOR-US: Pimcore
 CVE-2022-39364 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
@@ -17490,7 +17490,7 @@ CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine in
 CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...)
 	NOT-FOR-US: Dependency-Track
 CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
-	TODO: check
+	NOT-FOR-US: @dependencytrack/frontend
 CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
 	NOT-FOR-US: Tasks.org Android app
 CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...)
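Review bot: The note for CVE-2022-39350 uses the package name "@dependencytrack/frontend", but the entry directly above it (CVE-2022-39351) already records the same project as "NOT-FOR-US: Dependency-Track". Using one spelling for both, for example "NOT-FOR-US: Dependency-Track", keeps the project's entries grouped under a single search term instead of two.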
@@ -17557,7 +17557,7 @@ CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is
 CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content managemen ...)
 	NOT-FOR-US: Keystone CMS
 CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...)
-	TODO: check
+	NOT-FOR-US: GitHub Actions Runner
 CVE-2022-39320
 	RESERVED
 CVE-2022-39319
@@ -17575,7 +17575,7 @@ CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2,
 CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Node parse-server
 CVE-2022-39312 (Dataease is an open source data visualization analysis tool. Dataease  ...)
-	TODO: check
+	NOT-FOR-US: Dataease
 CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
 	NOT-FOR-US: GoCD
 CVE-2022-39310 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
@@ -19573,7 +19573,7 @@ CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerabi
 CVE-2022-38653
 	RESERVED
 CVE-2022-38652 (** UNSUPPORTED WHEN ASSIGNED ** A remote insecure deserialization vuln ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2022-38651 (** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exi ...)
 	NOT-FOR-US: VMware
 CVE-2022-38650 (** UNSUPPORTED WHEN ASSIGNED ** A remote unauthenticated insecure dese ...)
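Review bot: The note for CVE-2022-38652 names only the vendor ("VMware"). That matches CVE-2022-38651 just below, so it is consistent, but neither the note nor the truncated description visible here identifies the affected product. If the full description names one, adding it to the note would make the entry self-explanatory.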



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24563c0cfe397e7611856e140ab9c8249d086a09
