[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 6 16:53:13 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00d88108 by Moritz Muehlenhoff at 2023-02-06T17:52:59+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attack
 	[bullseye] - harfbuzz <no-dsa> (Minor issue)
 	NOTE: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
 CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and classified a ...)
-	TODO: check
+	NOT-FOR-US: Gimmie
 CVE-2014-125085 (A vulnerability, which was classified as critical, was found in Gimmie ...)
-	TODO: check
+	NOT-FOR-US: Gimmie
 CVE-2014-125084 (A vulnerability, which was classified as critical, has been found in G ...)
-	TODO: check
+	NOT-FOR-US: Gimmie
 CVE-2023-25192
 	RESERVED
 CVE-2023-25191
@@ -51,9 +51,9 @@ CVE-2023-0674 (A vulnerability, which was classified as problematic, has been fo
 CVE-2023-0673 (A vulnerability classified as critical was found in SourceCodester Onl ...)
 	NOT-FOR-US: SourceCodester Online Eyewear Shop
 CVE-2017-20176 (A vulnerability classified as problematic was found in ciubotaru share ...)
-	TODO: check
+	NOT-FOR-US: share-on-diaspora
 CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSchTour  ...)
-	TODO: check
+	NOT-FOR-US: Mamoto extension for MediaWiki
 CVE-2023-25189
 	RESERVED
 CVE-2023-25188
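Review bot: "Mamoto" in the new line for CVE-2017-20175 looks like a transposition of "Matomo". The description is truncated after "DaSchTour", so confirm the product name against the full CVE text and correct the label if so; a misspelled name will not turn up when someone searches the list for the product.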
@@ -324,9 +324,9 @@ CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift
 CVE-2018-25080 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: MobileDetect
 CVE-2018-25079 (A vulnerability was found in Segmentio is-url up to 1.2.2. It has been ...)
-	TODO: check
+	NOT-FOR-US: Node is-url
 CVE-2015-10072 (A vulnerability classified as problematic was found in NREL api-umbrel ...)
-	TODO: check
+	NOT-FOR-US: api-umbrella-web
 CVE-2013-10018 (A vulnerability was found in fanzila WebFinance 0.5. It has been decla ...)
 	NOT-FOR-US: fanzila WebFinance
 CVE-2013-10017 (A vulnerability was found in fanzila WebFinance 0.5. It has been class ...)
@@ -1467,7 +1467,7 @@ CVE-2023-24612 (The PdfBook extension through 2.0.5 before b07b6a64 for MediaWik
 CVE-2023-24611
 	RESERVED
 CVE-2023-24610 (NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrar ...)
-	TODO: check
+	NOT-FOR-US: NOSH
 CVE-2023-24609
 	RESERVED
 CVE-2023-24608
@@ -3312,7 +3312,7 @@ CVE-2023-23942
 CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...)
 	NOT-FOR-US: SwagPayPal
 CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...)
-	TODO: check
+	NOT-FOR-US: OpenZeppelin Contracts
 CVE-2023-23939
 	RESERVED
 CVE-2023-23938
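Review bot: the new label on CVE-2023-23940 drops the "for Cairo" qualifier that the description gives ("OpenZeppelin Contracts for Cairo is a library ..."). "NOT-FOR-US: OpenZeppelin Contracts" reads as the whole product family; suggest "NOT-FOR-US: OpenZeppelin Contracts for Cairo" so the entry names the component the CVE text describes.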
@@ -3328,7 +3328,7 @@ CVE-2023-23934
 CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...)
 	NOT-FOR-US: OpenSearch Anomaly Detection
 CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management  ...)
-	TODO: check
+	NOT-FOR-US: OpenDDS
 CVE-2023-23931
 	RESERVED
 CVE-2023-23930
@@ -3342,7 +3342,7 @@ CVE-2023-23927
 CVE-2023-23926
 	RESERVED
 CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...)
-	TODO: check
+	NOT-FOR-US: Switcher
 CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...)
 	- php-dompdf <not-affected> (Vulnerable code not in any Debian released version)
 	NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
@@ -5639,9 +5639,9 @@ CVE-2023-23122
 CVE-2023-23121
 	RESERVED
 CVE-2023-23120 (The use of the cyclic redundancy check (CRC) algorithm for integrity c ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2023-23119 (The use of the cyclic redundancy check (CRC) algorithm for integrity c ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2023-23118
 	RESERVED
 CVE-2023-23117
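Review bot: both new lines (CVE-2023-23120, CVE-2023-23119) record only a vendor, "TRENDnet", where other labels in this patch name a product, e.g. "NOT-FOR-US: SourceCodester Online Eyewear Shop". The truncated descriptions do not show the device; if the full text names the models, adding them would let the two entries be told apart.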
@@ -5659,7 +5659,7 @@ CVE-2023-23112
 CVE-2023-23111
 	RESERVED
 CVE-2023-23110 (An exploitable firmware modification vulnerability was discovered in c ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2023-23109
 	RESERVED
 CVE-2023-23108
@@ -5756,9 +5756,9 @@ CVE-2013-10010 (A vulnerability classified as problematic has been found in zero
 CVE-2023-23088 (Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1 ...)
 	TODO: check
 CVE-2023-23087 (An issue was found in MojoJson v1.2.3 allows attackers to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: MojoJson
 CVE-2023-23086 (Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to ...)
-	TODO: check
+	NOT-FOR-US: MojoJson
 CVE-2023-23085
 	RESERVED
 CVE-2023-23084
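Review bot: CVE-2023-23088 (Barenboim json-parser), directly above the two MojoJson entries, is left at "TODO: check" while its neighbours are triaged. If that is deliberate because it needs a real package check rather than an NFU, fine; otherwise it was missed in this pass.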
@@ -5980,7 +5980,7 @@ CVE-2023-22977
 CVE-2023-22976
 	RESERVED
 CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). ...)
-	TODO: check
+	NOT-FOR-US: jfinal_cms
 CVE-2023-22974
 	RESERVED
 CVE-2023-22973



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00d88108011dc4fe14572909b91cad0df9e76c97