[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Aug 29 21:26:42 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65698136 by Salvatore Bonaccorso at 2023-08-29T22:23:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.584
 CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...)
 	TODO: check
 CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when ...)
-	TODO: check
+	NOT-FOR-US: Nokia Service Router Operating System (SR OS) and SR Linux
 CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain high pr ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In  ...)
 	TODO: check
 CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...)
@@ -15,7 +15,7 @@ CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_cente
 CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...)
 	TODO: check
 CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...)
-	TODO: check
+	NOT-FOR-US: Arista
 CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...)
 	TODO: check
 CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticated, r ...)
@@ -33,17 +33,17 @@ CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffe
 CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions  ...)
 	TODO: check
 CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...)
 	TODO: check
 CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...)
 	TODO: check
 CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length  ...)
 	TODO: check
 CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2023-4585
 	- firefox <unfixed>
 	- firefox-esr <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65698136929bfc88bdaa0b870b40204d78dadad1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65698136929bfc88bdaa0b870b40204d78dadad1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230829/a1b7036f/attachment.htm>
