[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 17 09:04:26 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
783145e4 by Moritz Muehlenhoff at 2023-08-17T10:04:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22,7 +22,7 @@ CVE-2023-4382 (A vulnerability, which was classified as problematic, has been fo
 CVE-2023-4381 (Unverified Password Change in GitHub repository instantsoft/icms2 prio ...)
 	NOT-FOR-US: icms2
 CVE-2023-4241 (lol-html can cause panics on certain HTML inputs. Anyone processing ar ...)
-	TODO: check
+	NOT-FOR-US: lol-html
 CVE-2023-4204 (NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected  ...)
 	NOT-FOR-US: NPort IAW5000A-I/O Series firmware
 CVE-2023-39975 (kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a ...)
@@ -310,7 +310,7 @@ CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote a
 	NOTE: https://github.com/libxls/libxls/issues/124 (#2)
 	NOTE: Negligible security impact
 CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...)
-	TODO: check
+	NOT-FOR-US: Codedoc
 CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a local atta ...)
 	NOT-FOR-US: Bitwarden
 CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...)
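Review bot: the tag added for CVE-2023-38850 capitalises the product as "Codedoc", while the description on the line above it spells the upstream name "codedoc". Suggest "NOT-FOR-US: codedoc" so that a case-sensitive search of data/CVE/list for the upstream name finds this entry.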
@@ -328,9 +328,9 @@ CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to St
 CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP  ...)
 	NOT-FOR-US: LiteSpeed OpenLiteSpeed
 CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has control of a ...)
-	TODO: check
+	NOT-FOR-US: Docker Machine
 CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using XMLHttpRequ ...)
-	TODO: check
+	NOT-FOR-US: SVG Loader
 CVE-2023-39829 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via  ...)
 	NOT-FOR-US: Tenda
 CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via  ...)
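Review bot: on CVE-2023-40013 the tag "SVG Loader" is a generic name that does not tie the entry to a particular upstream, and the truncated description only says it is a javascript library. Suggest adding the upstream project or package name to the tag so a later triager can tell which library was ruled out; the Docker Machine line in the same hunk already names an identifiable product.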
@@ -342,7 +342,7 @@ CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written in
 CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a  ...)
 	NOT-FOR-US: Android
 CVE-2023-32358 (A type confusion issue was addressed with improved checks. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
 	- radare2 <unfixed>
 	NOTE: https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd
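Review bot: on CVE-2023-32358 the tag names only the vendor ("Apple"), and the description visible here is cut off before it identifies the affected component. Suggest confirming the component from the full advisory before dropping the TODO: if it is something Debian also ships, such as WebKit, the entry needs a package line instead of NOT-FOR-US; otherwise name the product in the tag rather than the vendor.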



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/783145e49ed4434d5bf2ea9b8c324339b537363b
