[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ef7229c by Salvatore Bonaccorso at 2022-09-30T20:57:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2022-41841 (An issue was discovered in Bento4 through 1.6.0-639. A NULL poin
 CVE-2022-41829
 	RESERVED
 CVE-2022-41828 (In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or ...)
-	TODO: check
+	NOT-FOR-US: Amazon AWS Redshift JDBC Driver
 CVE-2022-41827
 	RESERVED
 CVE-2022-41826
@@ -172,7 +172,7 @@ CVE-2022-3357
 CVE-2022-3356
 	RESERVED
 CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
-	TODO: check
+	NOT-FOR-US: inventree
 CVE-2022-41768
 	RESERVED
 CVE-2022-41767 [mediawiki: reassignEdits doesn't update results in an IP range check on Special:Contributions]
@@ -2362,7 +2362,7 @@ CVE-2022-40881
 CVE-2022-40880
 	RESERVED
 CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the  ...)
-	TODO: check
+	NOT-FOR-US: kkFileView
 CVE-2022-40878 (In Exam Reviewer Management System 1.0, an authenticated attacker can  ...)
 	NOT-FOR-US: Exam Reviewer Management System
 CVE-2022-40877 (Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via ...)
@@ -2848,7 +2848,7 @@ CVE-2022-33978
 CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...)
 	NOT-FOR-US: Nintendo Game Boy Color
 CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can be su ...)
-	TODO: check
+	NOT-FOR-US: swift-nio
 CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
 	NOT-FOR-US: Delta
 CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
@@ -3604,7 +3604,7 @@ CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron throu
 CVE-2022-40364
 	RESERVED
 CVE-2022-40363 (A buffer overflow in the component nfc_device_load_mifare_ul_data of F ...)
-	TODO: check
+	NOT-FOR-US: Flipper Devices
 CVE-2022-40362
 	RESERVED
 CVE-2022-40361
@@ -4199,7 +4199,7 @@ CVE-2022-3137
 CVE-2022-3136
 	RESERVED
 CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of Clash for  ...)
-	TODO: check
+	NOT-FOR-US: Clash for Windows
 CVE-2022-40125
 	RESERVED
 CVE-2022-40124
@@ -4287,7 +4287,7 @@ CVE-2022-40084
 CVE-2022-40083 (Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...)
 	NOT-FOR-US: Labstack Echo
 CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: Hertz
 CVE-2022-40081
 	RESERVED
 CVE-2022-40080
@@ -4351,11 +4351,11 @@ CVE-2022-40052
 CVE-2022-40051
 	RESERVED
 CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload vulner ...)
-	TODO: check
+	NOT-FOR-US: ZFile
 CVE-2022-40049
 	RESERVED
 CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
-	TODO: check
+	NOT-FOR-US: Flatpress
 CVE-2022-40047
 	RESERVED
 CVE-2022-40046
@@ -6035,7 +6035,7 @@ CVE-2022-39268
 CVE-2022-39267
 	RESERVED
 CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...)
-	TODO: check
+	NOT-FOR-US: isolated-vm
 CVE-2022-39265
 	RESERVED
 CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef7229c8f7fe60a7d06d5e7112bf12a8b53cd44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef7229c8f7fe60a7d06d5e7112bf12a8b53cd44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220930/e6e7e1aa/attachment.htm>