[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Fri Sep 2 11:01:02 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35bd5b59 by Neil Williams at 2022-09-02T11:00:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -36891,7 +36891,7 @@ CVE-2022-25304 (All versions of package opcua; all versions of package asyncua a
CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
NOT-FOR-US: whoogle-search
CVE-2022-25302 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
- TODO: check
+ NOT-FOR-US: ASNeG/OpcUaStack
CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
NOT-FOR-US: jsgui-lang-essentials
CVE-2022-25300
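Review bot: style point on the new label for CVE-2022-25302: it is written as the repository slug "ASNeG/OpcUaStack", while the neighbouring entries label by bare package name ("whoogle-search", "jsgui-lang-essentials") and the description spells the package "asneg/opcuastack". A case-sensitive search for the description's spelling will not match the label. Consider picking one spelling, or adding a short qualifier saying what kind of software this is, so the triage decision is easy to find and understand later.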
@@ -36935,7 +36935,7 @@ CVE-2022-24430
CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
NOT-FOR-US: Node convert-svg-core
CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
- TODO: check
+ NOT-FOR-US: ASNeG/OpcUaStack
CVE-2022-24377
RESERVED
CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
@@ -36945,7 +36945,7 @@ CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of
CVE-2022-24373
RESERVED
CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
- TODO: check
+ NOT-FOR-US: FreeOpcUa/freeopcua
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
NOT-FOR-US: madlib-object-utils
CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory ...)
@@ -44837,9 +44837,11 @@ CVE-2022-23462
CVE-2022-23461
RESERVED
CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
- TODO: check
+ TODO: check - numerous jsonxx repositories exist on github
+ NOTE: https://github.com/advisories/GHSA-h8mv-q3c4-8hw2
CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
- TODO: check
+ TODO: check - numerous jsonxx repositories exist on github
+ NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47
CVE-2022-23458
RESERVED
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
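Review bot: the two jsonxx entries (CVE-2022-23460 and CVE-2022-23459) are not resolved as NOT-FOR-US but stay as TODO with free text appended, which the commit message "Process some NFUs" does not mention. The remark "numerous jsonxx repositories exist on github" does not record which repository the linked GHSA advisories refer to, so the next person triaging has to repeat the same lookup. Suggest adding a NOTE line naming the upstream repository the advisory identifies, confirming that any tooling matching the exact string "TODO: check" still picks these entries up with the suffix, and mentioning the jsonxx annotations in the commit message. Minor: "github" should be "GitHub".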
@@ -52859,7 +52861,7 @@ CVE-2022-21943
CVE-2022-21942
RESERVED
CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable ...)
- TODO: check
+ NOT-FOR-US: Sensormatic Electronics, LLC
CVE-2022-21940
RESERVED
CVE-2022-21939
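Review bot: on CVE-2022-21941 the NOT-FOR-US label gives only a company name ("Sensormatic Electronics, LLC"), while the description names the product "iSTAR Ultra" and the other labels in this patch identify the affected package or product. Suggest naming the product in the label, for example "NOT-FOR-US: iSTAR Ultra", optionally followed by the company, so that a search for the product name finds the triage decision.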
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35bd5b59da3caf4505fd1b6fda5e609051a1c979