[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 8 20:44:38 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45be27c2 by Salvatore Bonaccorso at 2022-09-08T21:44:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4029,7 +4029,7 @@ CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in
 CVE-2022-38532
 	RESERVED
 CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...)
-	TODO: check
+	NOT-FOR-US: FPT router
 CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <no-dsa> (Minor issue)
@@ -7819,11 +7819,11 @@ CVE-2022-37148
 CVE-2022-37147
 	RESERVED
 CVE-2022-37146 (The PlexTrac platform prior to version 1.28.0 allows for username enum ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2022-37145 (The PlexTrac platform prior to version 1.17.0 does not restrict excess ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2022-37144 (The PlexTrac platform prior to API version 1.17.0 does not restrict ex ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2022-37143
 	RESERVED
 CVE-2022-37142
@@ -10558,9 +10558,9 @@ CVE-2022-36091
 CVE-2022-36090
 	RESERVED
 CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...)
-	TODO: check
+	NOT-FOR-US: KubeVela
 CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2022-36087
 	RESERVED
 CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...)
@@ -10574,9 +10574,9 @@ CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK,
 CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga from Mang ...)
 	TODO: check
 CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...)
-	TODO: check
+	NOT-FOR-US: Wikmd
 CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...)
-	TODO: check
+	NOT-FOR-US: Wikmd
 CVE-2022-36079 (Parse Server is an open source backend that can be deployed to any inf ...)
 	TODO: check
 CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. The vuln ...)
@@ -10602,7 +10602,7 @@ CVE-2022-36069 (Poetry is a dependency manager for Python. When handling depende
 CVE-2022-36068
 	RESERVED
 CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
-	TODO: check
+	NOT-FOR-US: Node vm2
 CVE-2022-36066
 	RESERVED
 CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...)
@@ -10614,7 +10614,7 @@ CVE-2022-36063
 CVE-2022-36062
 	RESERVED
 CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
-	TODO: check
+	NOT-FOR-US: Elrond go
 CVE-2022-36060
 	RESERVED
 CVE-2022-36059
@@ -10629,7 +10629,7 @@ CVE-2022-36059
 	NOTE: https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/8716c1ab9ba93659173b806097c46a2be115199f (v19.4.0)
 CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protocol. In ...)
-	TODO: check
+	NOT-FOR-US: Elrond go
 CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...)
 	NOT-FOR-US: Discourse-Chat
 CVE-2022-36056
@@ -10647,7 +10647,7 @@ CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keyclo
 CVE-2022-36050
 	RESERVED
 CVE-2022-36049 (Flux2 is a tool for keeping Kubernetes clusters in sync with sources o ...)
-	TODO: check
+	NOT-FOR-US: Flux project fluxcd
 CVE-2022-36048 (Zulip is an open-source team collaboration tool with topic-based threa ...)
 	NOT-FOR-US: Zulip
 CVE-2022-36047
@@ -11921,7 +11921,7 @@ CVE-2022-35515
 CVE-2022-35514
 	RESERVED
 CVE-2022-35513 (The Blink1Control2 application <= 2.2.7 uses weak password encrypti ...)
-	TODO: check
+	NOT-FOR-US: Blink1Control2 application
 CVE-2022-35512
 	RESERVED
 CVE-2022-35511
@@ -23054,7 +23054,7 @@ CVE-2022-31416
 CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a SQL inje ...)
 	NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31414 (D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2022-31413
 	RESERVED
 CVE-2022-31412
@@ -23473,7 +23473,7 @@ CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-jav
 CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, allows any us ...)
 	TODO: check
 CVE-2022-1807 (Multiple SQLi vulnerabilities in Webadmin allow for privilege escalati ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rt ...)
 	NOT-FOR-US: RTX
 CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the ...)
@@ -23679,9 +23679,9 @@ CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug
 CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
 	NOT-FOR-US: Zulip
 CVE-2022-31167 (XWiki Platform Security Parent POM contains the security APIs for XWik ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-31166 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2022-31165
 	RESERVED
 CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
@@ -27006,7 +27006,7 @@ CVE-2022-30080
 CVE-2022-30079
 	RESERVED
 CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 a ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2022-30077
 	RESERVED
 CVE-2022-30076



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45be27c28211b5a13d8fe7a5cc605a02ddab7e8c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45be27c28211b5a13d8fe7a5cc605a02ddab7e8c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220908/ba310058/attachment.htm>

More information about the debian-security-tracker-commits mailing list