[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri Sep 2 10:38:55 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70168e2d by Neil Williams at 2022-09-02T10:38:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -295,7 +295,7 @@ CVE-2022-3074
 CVE-2022-3073
 	RESERVED
 CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
-	TODO: check
+	NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2006-20001
 	RESERVED
 CVE-2022-XXXX [wordpress 6.0.2]
@@ -36901,7 +36901,7 @@ CVE-2022-25233
 CVE-2022-25232
 	RESERVED
 CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
-	TODO: check
+	NOT-FOR-US: node-opcua/node-opcua
 CVE-2022-25171
 	RESERVED
 CVE-2022-24913
@@ -36941,7 +36941,7 @@ CVE-2022-24377
 CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
 	NOT-FOR-US: Node git-promise
 CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
-	TODO: check
+	NOT-FOR-US: node-opcua/node-opcua
 CVE-2022-24373
 	RESERVED
 CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
@@ -37014,7 +37014,7 @@ CVE-2022-21213 (This affects all versions of package mout. The deepFillIn functi
 CVE-2022-21211 (This affects all versions of package posix. When invoking the toString ...)
 	NOT-FOR-US: Node posix
 CVE-2022-21208 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
-	TODO: check
+	NOT-FOR-US: node-opcua/node-opcua
 CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
 	NOT-FOR-US: AlexFlipnote/url_regex
 CVE-2022-21192
@@ -37034,7 +37034,7 @@ CVE-2022-21169
 CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary  ...)
 	NOT-FOR-US: masuit.tools
 CVE-2022-21165 (All versions of package font-converter are vulnerable to Arbitrary Com ...)
-	TODO: check
+	NOT-FOR-US: zgec/node-js-font-converter
 CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of Service ...)
 	NOT-FOR-US: Node lmdb
 CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core before 6 ...)
@@ -63416,7 +63416,7 @@ CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vuln
 CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...)
 	NOT-FOR-US: Android
 CVE-2022-20359 (In various methods of NotificationManagerService.java, there is a poss ...)
-	TODO: check
+	TODO: check - not listed in linked bulletin
 CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70168e2dafe1db371a550c15d388342872e028bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70168e2dafe1db371a550c15d388342872e028bd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220902/0ab866bc/attachment.htm>


More information about the debian-security-tracker-commits mailing list