[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jan 13 11:48:42 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
551c7058 by Moritz Muehlenhoff at 2023-01-13T12:38:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2023-XXXX [tor TROVE-2022-02]
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc
 CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...)
-	TODO: check
+	NOT-FOR-US: Axigen
 CVE-2023-23565
 	RESERVED
 CVE-2023-23564
@@ -184,21 +184,21 @@ CVE-2023-0260
 CVE-2023-0259
 	RESERVED
 CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-48260
 	RESERVED
 CVE-2022-48259
 	RESERVED
 CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have world-readable l ...)
-	TODO: check
+	NOT-FOR-US: Eternal Terminal
 CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have predictable logf ...)
-	TODO: check
+	NOT-FOR-US: Eternal Terminal
 CVE-2022-48256 (Technitium DNS Server before 10.0 allows a self-CNAME denial-of-servic ...)
-	TODO: check
+	NOT-FOR-US: Technitium DNS Server
 CVE-2021-46872 (An issue was discovered in Nim before 1.6.2. The RST module of the Nim ...)
 	TODO: check
 CVE-2023-23492
@@ -557,10 +557,11 @@ CVE-2023-23349
 	RESERVED
 CVE-2023-0229
 	RESERVED
+	NOT-FOR-US: OpenShift
 CVE-2023-0228
 	RESERVED
 CVE-2023-0227 (Insufficient Session Expiration in GitHub repository pyload/pyload pri ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2023-0226
 	RESERVED
 CVE-2023-0225
@@ -1394,7 +1395,7 @@ CVE-2023-22965
 CVE-2023-22964
 	RESERVED
 CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...)
-	TODO: check
+	NOT-FOR-US: Dart language (different from src:dart)
 CVE-2023-22962
 	RESERVED
 CVE-2023-22961
@@ -1426,7 +1427,7 @@ CVE-2023-22949
 CVE-2023-22948
 	RESERVED
 CVE-2023-22947 (** DISPUTED ** Insecure folder permissions in the Windows installation ...)
-	TODO: check
+	- shibboleth-sp <not-affected> (Windows-specific)
 CVE-2023-22946
 	RESERVED
 CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...)
@@ -1592,7 +1593,7 @@ CVE-2015-10037 (A vulnerability, which was classified as critical, was found in
 CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been declare ...)
 	NOT-FOR-US: kylebebak dronfelipe
 CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It has been  ...)
-	TODO: check
+	NOT-FOR-US: backdrop-contrib Basic Cart
 CVE-2023-22924
 	RESERVED
 CVE-2023-22923
@@ -57668,7 +57669,7 @@ CVE-2021-46797
 CVE-2021-46796
 	RESERVED
 CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46794
 	RESERVED
 CVE-2021-46793
@@ -57676,7 +57677,7 @@ CVE-2021-46793
 CVE-2021-46792
 	RESERVED
 CVE-2021-46791 (Insufficient input validation during parsing of the System Management  ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2022-30227
 	RESERVED
 CVE-2022-30226 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
@@ -63282,7 +63283,7 @@ CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14
 CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel vulnera ...)
 	NOT-FOR-US: AMD
 CVE-2021-46777
@@ -63304,9 +63305,9 @@ CVE-2021-46770
 CVE-2021-46769
 	RESERVED
 CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2021-46766
 	RESERVED
 CVE-2021-46765
@@ -64581,9 +64582,9 @@ CVE-2022-27889 (The Multipass service was found to have code paths that could be
 CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...)
 	NOT-FOR-US: Foundry Issues service
 CVE-2022-1102 (A vulnerability classified as problematic has been found in SourceCode ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event Management Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
 	- gitlab <unfixed>
 CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551c7058b6a787b6bc2437564cef7c4380c6ddd5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/551c7058b6a787b6bc2437564cef7c4380c6ddd5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230113/fd0a2d9e/attachment.htm>

More information about the debian-security-tracker-commits mailing list