[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 4 11:49:09 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05a875a8 by Moritz Muehlenhoff at 2023-04-04T12:48:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2023-29220
 CVE-2023-29219
 	RESERVED
 CVE-2023-29218 (The Twitter Recommendation Algorithm through ec83d01 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Twitter Recommendation Algorithm
 CVE-2023-29217
 	RESERVED
 CVE-2023-29169
@@ -259,13 +259,13 @@ CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x thro
 	NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
 	NOTE: https://phabricator.wikimedia.org/T285159
 CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
-	TODO: check
+	NOT-FOR-US: GrowthExperiments MediaWiki extension
 CVE-2023-29139 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
-	TODO: check
+	NOT-FOR-US: CheckUser MediaWiki extension
 CVE-2023-29138
 	RESERVED
 CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
-	TODO: check
+	NOT-FOR-US: GrowthExperiments MediaWiki extension
 CVE-2023-29136
 	RESERVED
 CVE-2023-29135
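
Review bot: The NOT-FOR-US markings for CVE-2023-29140, CVE-2023-29139 and CVE-2023-29137 cover MediaWiki extensions, while the preceding entry CVE-2023-29141 is a MediaWiki issue that carries NOTE lines. Before closing these as NFU, confirm that GrowthExperiments and CheckUser are not shipped inside any packaged source. If that check was done, a short NOTE line saying so would make the decision auditable.
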
@@ -391,7 +391,7 @@ CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point Aver
 CVE-2023-1769 (A vulnerability, which was classified as problematic, was found in Sou ...)
 	NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
 CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <=  ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2023-1767
 	RESERVED
 CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
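
Review bot: The CVE-2023-1768 line becomes "- check-mk <removed>", which is a package-status entry rather than a NOT-FOR-US marking, so the commit subject "NFUs" does not describe it. Either split this change into its own commit or mention check-mk in the message, so the triage decision can be found from the history.
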
@@ -929,7 +929,7 @@ CVE-2023-1673
 CVE-2023-28936
 	RESERVED
 CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
-	TODO: check
+	NOT-FOR-US: Apache UIMA UICC
 CVE-2023-28744
 	RESERVED
 CVE-2023-1672
@@ -1041,7 +1041,7 @@ CVE-2023-1664
 	RESERVED
 	NOT-FOR-US: Keycloak
 CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, ...)
-	TODO: check
+	NOT-FOR-US: Coverity
 CVE-2023-1662
 	RESERVED
 CVE-2023-1661
@@ -1231,13 +1231,13 @@ CVE-2023-28856
 CVE-2023-28855
 	RESERVED
 CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...)
-	TODO: check
+	NOT-FOR-US: nophp
 CVE-2023-28853
 	RESERVED
 CVE-2023-28852
 	RESERVED
 CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe
 CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that allows  ...)
 	NOT-FOR-US: Pimcore Perspective Editor
 CVE-2023-28849
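
Review bot: For CVE-2023-28851 the label "NOT-FOR-US: Silverstripe" is broader than the product the description names, "Silverstripe Form Capture". The neighbouring CVE-2023-28850 entry uses the full product name ("Pimcore Perspective Editor"), so "NOT-FOR-US: Silverstripe Form Capture" would be more precise and would not read as ruling out everything under the Silverstripe name.
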
@@ -1247,7 +1247,7 @@ CVE-2023-28848
 CVE-2023-28847
 	RESERVED
 CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
-	TODO: check
+	NOT-FOR-US: Unpoly
 CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud.  ...)
 	NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for Nextcloud
 CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...)
@@ -1265,9 +1265,9 @@ CVE-2023-28839
 CVE-2023-28838
 	RESERVED
 CVE-2023-28837 (Wagtail is an open source content management system built on Django. P ...)
-	TODO: check
+	NOT-FOR-US: Wagtail
 CVE-2023-28836 (Wagtail is an open source content management system built on Django. S ...)
-	TODO: check
+	NOT-FOR-US: Wagtail
 CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. In affec ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcloud Se ...)
@@ -1761,7 +1761,7 @@ CVE-2023-28687
 CVE-2023-1551
 	RESERVED
 CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...)
-	TODO: check
+	NOT-FOR-US: NGINX Agent
 CVE-2023-1549
 	RESERVED
 CVE-2023-1548
@@ -1922,7 +1922,7 @@ CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Du
 CVE-2023-28639
 	RESERVED
 CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...)
-	TODO: check
+	NOT-FOR-US: Snappier
 CVE-2023-28637 (DataEase is an open source data visualization analysis tool. In Dataea ...)
 	NOT-FOR-US: DataEase
 CVE-2023-28636
@@ -1936,17 +1936,17 @@ CVE-2023-28633
 CVE-2023-28632
 	RESERVED
 CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
-	TODO: check
+	NOT-FOR-US: comrak
 CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...)
 	NOT-FOR-US: GoCD
 CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...)
 	NOT-FOR-US: GoCD
 CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...)
-	TODO: check
+	NOT-FOR-US: lambdaisland/uri
 CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...)
-	TODO: check
+	NOT-FOR-US: pymedusa
 CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
-	TODO: check
+	NOT-FOR-US: comrak
 CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...)
 	- libapache2-mod-auth-openidc <unfixed> (bug #1033916)
 	NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a (v2.4.13.2)
@@ -2535,7 +2535,7 @@ CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel
 CVE-2023-28463
 	RESERVED
 CVE-2023-28462 (A JNDI rebind operation in the default ORB listener in Payara Server 4 ...)
-	TODO: check
+	NOT-FOR-US: Payara
 CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow  ...)
 	NOT-FOR-US: Array Networks
 CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...)
@@ -2607,15 +2607,15 @@ CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty
 	NOTE: https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d (master)
 	NOTE: https://github.com/smarty-php/smarty/commit/e09df8d851eb3ef139ced41afa5e73480f3cd5e8 (support/3.1)
 CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and TypeScr ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
 	NOT-FOR-US: Deno
 CVE-2023-28444 (angular-server-side-configuration helps configure an angular applicati ...)
-	TODO: check
+	NOT-FOR-US: angular-server-side-configuration
 CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	NOT-FOR-US: Directus
 CVE-2023-28442 (GeoNode is an open source platform that facilitates the creation, shar ...)
-	TODO: check
+	NOT-FOR-US: GeoNode
 CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and prior, a ...)
 	NOT-FOR-US: smartCARS
 CVE-2023-28440
@@ -2639,7 +2639,7 @@ CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster de
 CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's  ...)
 	NOT-FOR-US: Frontier
 CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app message serv ...)
-	TODO: check
+	NOT-FOR-US: OneSignal
 CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...)
 	NOT-FOR-US: Pimcore
 CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...)
@@ -6465,7 +6465,7 @@ CVE-2023-27226
 CVE-2023-27225
 	RESERVED
 CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: NginxProxyManager
 CVE-2023-27223
 	RESERVED
 CVE-2023-27222
@@ -6587,7 +6587,7 @@ CVE-2023-27165
 CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...)
 	NOT-FOR-US: Halo
 CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a Server-Side R ...)
-	TODO: check
+	NOT-FOR-US: request-baskets
 CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a Server-Side ...)
 	TODO: check
 CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05a875a85093e10b40337919e94366bffb0c5ca0
