[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 15 18:34:02 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51fcfe2e by Moritz Muehlenhoff at 2022-10-15T19:33:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30614,7 +30614,7 @@ CVE-2022-31254
 CVE-2022-31253
 	RESERVED
 CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enter ...)
-	TODO: check
+	NOT-FOR-US: OpenSUSE
 CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging of the  ...)
 	- slurm-wlm <not-affected> (SUSE specific packaging issue)
 CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
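Review bot: The new tag on CVE-2022-31252 names a distribution ("OpenSUSE") while the description attributes chkstat to "SUSE Linux Enter ...", so the entry does not record which component was judged out of scope. Naming the component, for example `NOT-FOR-US: SUSE chkstat`, would make the entry searchable and would distinguish it from a packaging-only case such as the `<not-affected> (SUSE specific packaging issue)` line on CVE-2022-31251 directly below.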
@@ -36715,7 +36715,7 @@ CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services, API
 	[bullseye] - jupyter-server <no-dsa> (Minor issue)
 	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
 CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible with Ap ...)
-	TODO: check
+	NOT-FOR-US: Scylla
 CVE-2022-29239
 	RESERVED
 CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for interactive c ...)
@@ -46233,7 +46233,7 @@ CVE-2022-25875 (The package svelte before 3.49.0 are vulnerable to Cross-site Sc
 CVE-2022-25874
 	RESERVED
 CVE-2022-25873 (The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Node vuetify
 CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out-of-bo ...)
 	NOT-FOR-US: Node fast-string-search
 CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...)
@@ -46315,7 +46315,7 @@ CVE-2022-25767 (All versions of package com.bstek.ureport:ureport2-console are v
 CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...)
 	NOT-FOR-US: NodeJS ungit
 CVE-2022-25765 (The package pdfkit from 0.0.0 are vulnerable to Command Injection wher ...)
-	TODO: check
+	NOT-FOR-US: Node pdfkit
 CVE-2022-25764
 	RESERVED
 CVE-2022-25761 (The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before  ...)
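Review bot: The "Node" attribution on CVE-2022-25765 is not supported by the description as shown, which says only "The package pdfkit" and names no ecosystem, and packages called pdfkit exist in more than one language ecosystem. Please confirm from the advisory which pdfkit is meant, and that no Debian source package ships the affected code, before closing this as NOT-FOR-US. Separately, the preceding entry (CVE-2022-25766) uses `NodeJS ungit` while this one uses `Node pdfkit`; a single prefix for npm packages would keep searches over the list reliable.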
@@ -132256,7 +132256,7 @@ CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire
 CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows  ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20030 (SonicWall GMS is vulnerable to file path manipulation resulting that a ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2021-20029
 	RESERVED
 CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
@@ -273062,9 +273062,9 @@ CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding a user account via an enews
 CVE-2018-18448
 	RESERVED
 CVE-2018-18447 (dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data ...)
-	TODO: check
+	NOT-FOR-US: dotPDN
 CVE-2018-18446 (dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data ...)
-	TODO: check
+	NOT-FOR-US: dotPDN
 CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...)
 	{DSA-4755-1 DLA-2358-1}
 	- openexr 2.5.3-2 (unimportant)
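Review bot: Both new tags, on CVE-2018-18447 and CVE-2018-18446, use the vendor string "dotPDN", but the descriptions identify the product as "dotPDN Paint.NET", and the product name is what someone searching the list would look for. `NOT-FOR-US: Paint.NET` (or `dotPDN Paint.NET`) would be easier to find.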



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51fcfe2e0792c762321e3fcab6fedb6b262d2303
