[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 27 21:12:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dbc98a9a by Salvatore Bonaccorso at 2022-10-27T22:12:19+02:00
Process some NFUs
- - - - -
5b8aef77 by Salvatore Bonaccorso at 2022-10-27T22:12:20+02:00
Add CVE-2022-3363/rdiffweb
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5175,7 +5175,7 @@ CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKe
CVE-2022-41814
RESERVED
CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...)
- TODO: check
+ NOT-FOR-US: installer of Content Transfer (for Windows)
CVE-2022-41789
RESERVED
CVE-2022-41611
@@ -6607,7 +6607,7 @@ CVE-2022-3365
CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
- TODO: check
+ - rdiffweb <itp> (bug #969974)
CVE-2022-3362
RESERVED
CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
@@ -6680,7 +6680,7 @@ CVE-2022-40967
CVE-2022-40965
RESERVED
CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
- TODO: check
+ NOT-FOR-US: AliveCor Kardia App
CVE-2022-40204
RESERVED
CVE-2022-40202
@@ -6869,7 +6869,7 @@ CVE-2022-41713
CVE-2022-41712
RESERVED
CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
- TODO: check
+ NOT-FOR-US: Badaso
CVE-2022-41710
RESERVED
CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
@@ -10482,7 +10482,7 @@ CVE-2022-40240
CVE-2022-40239
RESERVED
CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software prior to ...)
- TODO: check
+ NOT-FOR-US: CERT software
CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341
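Review bot: The label on CVE-2022-40238, "NOT-FOR-US: CERT software", is too generic to be useful when searching the list later, and "CERT" alone is ambiguous between several organisations and tools. Suggest using the vendor or product name from the full CVE description instead of the first two words of the truncated summary.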
@@ -12494,15 +12494,15 @@ CVE-2022-39357 (Winter is a free, open-source content management system based on
CVE-2022-39356
RESERVED
CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse Groups and ...)
- TODO: check
+ NOT-FOR-US: Discourse Patreon
CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...)
- TODO: check
+ NOT-FOR-US: Rust crate evm
CVE-2022-39353
RESERVED
CVE-2022-39352
RESERVED
CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...)
- TODO: check
+ NOT-FOR-US: Dependency-Track
CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
TODO: check
CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
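Review bot: CVE-2022-39350 (@dependencytrack/frontend) is still "TODO: check" directly below CVE-2022-39351, which is marked "NOT-FOR-US: Dependency-Track" here. The summary describes the frontend as the SPA used in the same project, so it could be triaged in the same pass with the same label. If it was left open on purpose, a short NOTE saying why would keep the next person from re-checking it.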
@@ -12520,11 +12520,11 @@ CVE-2022-39344
CVE-2022-39343
RESERVED
CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2022-39339
RESERVED
CVE-2022-39338
@@ -13780,7 +13780,7 @@ CVE-2022-38872
CVE-2022-38871
RESERVED
CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
- TODO: check
+ NOT-FOR-US: free5GC
CVE-2022-38869
RESERVED
CVE-2022-38868
@@ -16119,7 +16119,7 @@ CVE-2022-2784
CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...)
NOT-FOR-US: Octopus
CVE-2022-2782 (In affected versions of Octopus Server it is possible for a session to ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...)
NOT-FOR-US: Octopus
CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...)
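Review bot: CVE-2022-2782 is marked "NOT-FOR-US: Octopus Server" while the neighbouring entries for the same product, CVE-2022-2783 and CVE-2022-2781, use "NOT-FOR-US: Octopus". Suggest using one spelling so that a search on the NFU label finds all of them. The same applies to CVE-2022-2508 in the last hunk.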
@@ -18616,7 +18616,7 @@ CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection. ...)
CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
NOT-FOR-US: JFinal CMS
CVE-2022-37202 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedb ...)
- TODO: check
+ NOT-FOR-US: JFinal CMS
CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...)
NOT-FOR-US: JFinal CMS
CVE-2022-37200
@@ -20355,13 +20355,13 @@ CVE-2022-36456 (TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain
CVE-2022-36455 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...)
NOT-FOR-US: TOTOLINK
CVE-2022-36454 (A vulnerability in the MiCollab Client API of Mitel MiCollab through 9 ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36453 (A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 thr ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36452 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36451 (A vulnerability in the MiCollab Client server component of Mitel MiCol ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...)
NOT-FOR-US: Obsidian
CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
@@ -20667,7 +20667,7 @@ CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens becau
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2022-2507
RESERVED
CVE-2022-2506
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42fcc87f70d5d8f0497393cab5202f50747942d0...5b8aef77443a688fef4d7b48a10b421b391d6cf0