[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 23 15:35:21 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4261318 by Moritz Mühlenhoff at 2022-09-23T16:35:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -470,7 +470,7 @@ CVE-2022-38066
 CVE-2022-3253
 	RESERVED
 CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO Extras ...)
-	TODO: check
+	NOT-FOR-US: Swift (different from src:swift)
 CVE-2022-3251 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
 	NOT-FOR-US: minarca
 CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
@@ -800,7 +800,7 @@ CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend M
 CVE-2022-40979
 	RESERVED
 CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: installer of JetBrains IntelliJ IDEA
 CVE-2022-40977
 	RESERVED
 CVE-2022-40976
@@ -1370,7 +1370,7 @@ CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive
 CVE-2022-40735
 	RESERVED
 CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
-	TODO: check
+	NOT-FOR-US: Laravel Filemanager
 CVE-2022-40733
 	RESERVED
 CVE-2022-40732
@@ -1428,9 +1428,9 @@ CVE-2022-40707
 CVE-2022-3219
 	RESERVED
 CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
-	TODO: check
+	NOT-FOR-US: Necta LLC
 CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
-	TODO: check
+	NOT-FOR-US: VBASE
 CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
 	- smarty3 <unfixed> (bug #1019897)
 	- smarty4 <unfixed> (bug #1019896)
@@ -2513,9 +2513,9 @@ CVE-2022-40264
 CVE-2022-40263
 	RESERVED
 CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the  ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges from  ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2022-40260
 	RESERVED
 CVE-2022-40259
@@ -2537,7 +2537,7 @@ CVE-2022-40252
 CVE-2022-40251
 	RESERVED
 CVE-2022-40250 (An attacker can exploit this vulnerability to elevate privileges from  ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2022-40249
 	RESERVED
 CVE-2022-40248
@@ -2545,7 +2545,7 @@ CVE-2022-40248
 CVE-2022-40247
 	RESERVED
 CVE-2022-40246 (A potential attacker can write one byte by arbitrary address at the ti ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2022-40245
 	RESERVED
 CVE-2022-40244
@@ -4791,9 +4791,9 @@ CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tok
 CVE-2022-39226
 	RESERVED
 CVE-2022-39225 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Node parse-server
 CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. Versions prior ...)
-	TODO: check
+	NOT-FOR-US: arr-pm
 CVE-2022-39223
 	RESERVED
 CVE-2022-39222
@@ -4805,9 +4805,9 @@ CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5
 CVE-2022-39219
 	RESERVED
 CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provides the ...)
-	TODO: check
+	NOT-FOR-US: Fastly
 CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
-	TODO: check
+	NOT-FOR-US: GitHub Advanced Security to CSV
 CVE-2022-39216
 	RESERVED
 CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...)
@@ -5229,7 +5229,7 @@ CVE-2022-39065
 CVE-2022-39064
 	RESERVED
 CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
-	TODO: check
+	NOT-FOR-US: Open5GS UPF
 CVE-2022-39062
 	RESERVED
 CVE-2022-39061



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a426131815ffda3e40f46ffe328814bd5ff4d0dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a426131815ffda3e40f46ffe328814bd5ff4d0dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220923/e75b7c15/attachment.htm>

More information about the debian-security-tracker-commits mailing list