[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 17 18:30:55 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7cd35a5 by Moritz Muehlenhoff at 2023-02-17T19:30:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35994,7 +35994,7 @@ CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer ov
 CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
 	NOT-FOR-US: Bento4
 CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long exponents ...)
-	TODO: check
+	NOTE: Generic Diffie-Hellman protocol issue
 CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
 	NOT-FOR-US: Laravel Filemanager
 CVE-2022-40733
@@ -46039,7 +46039,7 @@ CVE-2022-2585
 CVE-2022-2584 (The dag-pb codec can panic when decoding invalid blocks. ...)
 	NOT-FOR-US: go-codec-dagpb
 CVE-2022-2583 (A race condition can cause incorrect HTTP request routing. ...)
-	TODO: check
+	NOT-FOR-US: ntbosscher/gobase
 CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...)
 	- golang-github-aws-aws-sdk-go 1.34.22-1
 	[buster] - golang-github-aws-aws-sdk-go <postponed> (Limited support, minor issue, hash leak, invasive, follow bullseye DSAs/point-releases)
@@ -46070,7 +46070,7 @@ CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/
 	NOTE: https://github.com/gin-gonic/gin/pull/2237
 	NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0)
 CVE-2020-36566 (Due to improper path santization, archives containing relative file pa ...)
-	TODO: check
+	NOT-FOR-US: Go whyrusleeping/tar-utils
 CVE-2020-36565 (Due to improper sanitization of user input on Windows, the static file ...)
 	TODO: check
 CVE-2020-36564 (Due to improper validation of caller input, validation is silently dis ...)
@@ -46082,9 +46082,9 @@ CVE-2019-25075 (HTML injection combined with path traversal in the Email service
 CVE-2019-25074
 	RESERVED
 CVE-2019-25073 (Improper path santiziation in github.com/goadesign/goa before v3.0.9,  ...)
-	TODO: check
+	NOT-FOR-US: github.com/goadesign/goa
 CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a cryptographi ...)
-	TODO: check
+	NOT-FOR-US: github.com/dinever/golf
 CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a deserializat ...)
 	NOT-FOR-US: Apache Geode
 CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a dese ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7cd35a5f272daaabd45f8e575b5b894253097aa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7cd35a5f272daaabd45f8e575b5b894253097aa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230217/80c1471e/attachment.htm>


More information about the debian-security-tracker-commits mailing list