[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 25 10:50:18 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a7eba22 by Moritz Muehlenhoff at 2023-08-25T11:49:48+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2023-34972 (A cleartext transmission of sensitive information vulnerability
CVE-2023-34971 (An inadequate encryption strength vulnerability has been reported to a ...)
NOT-FOR-US: QNAP
CVE-2023-34040 (In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and e ...)
- - kafka <itp> (bug #786460)
+ NOT-FOR-US: Spring for Kafka
CVE-2023-32516 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32511 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking ...)
@@ -128,9 +128,9 @@ CVE-2023-40273 (The session fixation vulnerability allowed the authenticated use
CVE-2023-40270
REJECTED
CVE-2023-40185 (shescape is simple shell escape library for JavaScript. This may impac ...)
- TODO: check
+ NOT-FOR-US: Node shescape
CVE-2023-40178 (Node-SAML is a SAML library not dependent on any frameworks that runs ...)
- TODO: check
+ NOT-FOR-US: Node saml
CVE-2023-40177 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2023-40176 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
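Review bot: The two new labels on CVE-2023-40185 and CVE-2023-40178, "Node shescape" and "Node saml", do not match the project names in the descriptions above them ("shescape", "Node-SAML"), so a later search of the list for the upstream name can miss them. Suggest `NOT-FOR-US: Node-SAML` for the second and one consistent form for Node.js libraries in both lines.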
@@ -402,7 +402,7 @@ CVE-2022-48547 (A reflected cross-site scripting (XSS) vulnerability in Cacti 0.
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h)
NOTE: Duplicate CVE assignment for CVE-2021-26247
CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause denial of s ...)
- TODO: check
+ - xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote att ...)
- imagemagick 8:6.9.11.57+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889
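Review bot: The `<not-affected>` line for CVE-2022-48545 states that poppler is not affected but cites nothing to support it, while the neighbouring entries carry a `NOTE:` with the upstream issue or fixing commit. Suggest adding a `NOTE:` line with the reference behind the poppler assessment of Catalog::findDestInTree, so the triage can be rechecked later.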
@@ -22255,7 +22255,7 @@ CVE-2023-1411
CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-1409 (If the MongoDB Server running on Windows or macOS is configured to use ...)
- TODO: check
+ - mongodb <not-affected> (Only applies to MacOS and Windows)
CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...)
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
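Review bot: The reason on the CVE-2023-1409 line writes "MacOS" where the description directly above it writes "macOS". Suggest `- mongodb <not-affected> (Only applies to macOS and Windows)` so the note matches the platform name used in the CVE text.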
@@ -111382,7 +111382,7 @@ CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal
CVE-2022-25025
RESERVED
CVE-2022-25024 (The json2xml package through 3.12.0 for Python allows an error in type ...)
- TODO: check
+ NOT-FOR-US: json2xml
CVE-2022-25023 (Audio File commit 004065d was discovered to contain a heap-buffer over ...)
NOT-FOR-US: AudioFile (different from src:audiofile)
CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows atta ...)
@@ -133554,7 +133554,7 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain
CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...)
NOT-FOR-US: coreos-installer
CVE-2021-43171 (Improper verification of applications' cryptographic signatures in the ...)
- TODO: check
+ NOT-FOR-US: App Lounge
CVE-2021-43170
RESERVED
CVE-2021-43169
@@ -210932,7 +210932,7 @@ CVE-2020-25889 (Online Bus Booking System Project Using PHP/MySQL version 1.0 ha
CVE-2020-25888
RESERVED
CVE-2020-25887 (Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when r ...)
- TODO: check
+ NOT-FOR-US: Cesenta Mongoose
CVE-2020-25886
RESERVED
CVE-2020-25885
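Review bot: The label added for CVE-2020-25887 reads "Cesenta Mongoose"; the vendor name is spelled Cesanta, so the line should be `NOT-FOR-US: Cesanta Mongoose`. A misspelled label is missed when the list is searched by vendor, which is how later CVEs for the same product get matched to an existing NFU decision.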
@@ -220593,7 +220593,7 @@ CVE-2020-21701
CVE-2020-21700
RESERVED
CVE-2020-21699 (The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 ...)
- TODO: check
+ NOT-FOR-US: Tengine
CVE-2020-21698
RESERVED
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
@@ -223939,7 +223939,6 @@ CVE-2020-20146
RESERVED
CVE-2020-20145
REJECTED
- TODO: check
CVE-2020-20144
RESERVED
CVE-2020-20143
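Review bot: Removing the `TODO: check` under the REJECTED CVE-2020-20145 is a cleanup, not an NFU classification, and the commit subject "NFUs" covers neither it nor the two `<not-affected>` entries earlier in the patch. Suggest a subject that names all three kinds of change, or splitting them into separate commits, so the history of the triage decisions stays searchable.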
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a7eba2264f5f44ad5899ee8680c82ea99dacbc1