[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Fri Sep 2 11:01:02 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35bd5b59 by Neil Williams at 2022-09-02T11:00:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36891,7 +36891,7 @@ CVE-2022-25304 (All versions of package opcua; all versions of package asyncua a
 CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
 	NOT-FOR-US: whoogle-search
 CVE-2022-25302 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
-	TODO: check
+	NOT-FOR-US: ASNeG/OpcUaStack
 CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
 	NOT-FOR-US: jsgui-lang-essentials
 CVE-2022-25300
@@ -36935,7 +36935,7 @@ CVE-2022-24430
 CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary  ...)
 	NOT-FOR-US: Node convert-svg-core
 CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
-	TODO: check
+	NOT-FOR-US: ASNeG/OpcUaStack
 CVE-2022-24377
 	RESERVED
 CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
@@ -36945,7 +36945,7 @@ CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of
 CVE-2022-24373
 	RESERVED
 CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
-	TODO: check
+	NOT-FOR-US: FreeOpcUa/freeopcua
 CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
 	NOT-FOR-US: madlib-object-utils
 CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory  ...)
@@ -44837,9 +44837,11 @@ CVE-2022-23462
 CVE-2022-23461
 	RESERVED
 CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
-	TODO: check
+	TODO: check - numerous jsonxx repositories exist on github
+	NOTE: https://github.com/advisories/GHSA-h8mv-q3c4-8hw2
 CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...)
-	TODO: check
+	TODO: check - numerous jsonxx repositories exist on github
+	NOTE: https://github.com/advisories/GHSA-8662-6hf9-cr47
 CVE-2022-23458
 	RESERVED
 CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web  ...)
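Review bot: CVE-2022-23460 and CVE-2022-23459 both stay at "TODO: check", so they remain untriaged. The appended remark "numerous jsonxx repositories exist on github" records why, but not which upstream repository the linked GHSA advisories refer to. Suggest adding a NOTE on each entry naming the repository the advisory identifies, so the next triager can go straight to checking whether that code is packaged. The commit subject "Process some NFUs" also does not cover this hunk, since neither entry becomes NOT-FOR-US; mentioning the jsonxx notes in the commit message would make the history easier to search.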
@@ -52859,7 +52861,7 @@ CVE-2022-21943
 CVE-2022-21942
 	RESERVED
 CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Sensormatic Electronics, LLC
 CVE-2022-21940
 	RESERVED
 CVE-2022-21939
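Review bot: The new tag on CVE-2022-21941 names only the vendor, "Sensormatic Electronics, LLC", while the description identifies the affected product as iSTAR Ultra. The other NOT-FOR-US lines visible in this diff name the package or product ("whoogle-search", "Node convert-svg-core", "FreeOpcUa/freeopcua"). Suggest including the product in the tag, for example "NOT-FOR-US: Sensormatic iSTAR Ultra", so a search of data/CVE/list for the product name finds this entry and later CVEs for the same product can be tagged consistently.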



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35bd5b59da3caf4505fd1b6fda5e609051a1c979
