[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 29 12:30:56 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
004cdb19 by Salvatore Bonaccorso at 2023-12-29T13:29:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,7 +53,7 @@ CVE-2023-52174 (XnView Classic before 2.51.3 on Windows has a Write Access Viola
 CVE-2023-52173 (XnView Classic before 2.51.3 on Windows has a Write Access Violation a ...)
 	NOT-FOR-US: XnView
 CVE-2023-52152 (mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read ...)
-	TODO: check
+	NOT-FOR-US: mUPNP
 CVE-2023-52085 (Winter is a free, open-source content management system. Users with ac ...)
 	NOT-FOR-US: Winter CMS
 CVE-2023-52084 (Winter is a free, open-source content management system. Prior to 1.2. ...)
@@ -127,7 +127,7 @@ CVE-2023-52082 (Lychee is a free photo-management tool.  Prior to 5.0.2, Lychee
 CVE-2023-52081 (ffcss is a CLI interface to apply and configure Firefox CSS themes. Pr ...)
 	NOT-FOR-US: ffcss
 CVE-2023-52079 (msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior ...)
-	TODO: check
+	NOT-FOR-US: msgpackr Node.js module
 CVE-2023-51501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress theme
 CVE-2023-50874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -58062,7 +58062,7 @@ CVE-2023-23636 (In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vul
 CVE-2023-23635 (In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnera ...)
 	- jellyfin <itp> (bug #994189)
 CVE-2023-23634 (SQL Injection vulnerability in Documize version 5.4.2, allows remote a ...)
-	TODO: check
+	NOT-FOR-US: Documize
 CVE-2023-23633
 	RESERVED
 CVE-2023-23632 (BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/004cdb19c6199d65cb04fb2a1e89d8cc05a29a97

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/004cdb19c6199d65cb04fb2a1e89d8cc05a29a97
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231229/c327488a/attachment.htm>


More information about the debian-security-tracker-commits mailing list