[Git][security-tracker-team/security-tracker][master] Mark glpi issues as unimportant

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 8 08:20:03 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
967c8d34 by Salvatore Bonaccorso at 2023-07-08T09:19:31+02:00
Mark glpi issues as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -289,7 +289,7 @@ CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an authentica
 CVE-2023-36809 (Kiwi TCMS, an open source test management system allows users to uploa ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-36808 (GLPI is a free asset and IT management software package. Starting in v ...)
-	- glpi <removed>
+	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-36458 (1Panel is an open source Linux server operation and maintenance manage ...)
@@ -297,11 +297,11 @@ CVE-2023-36458 (1Panel is an open source Linux server operation and maintenance
 CVE-2023-36457 (1Panel is an open source Linux server operation and maintenance manage ...)
 	NOT-FOR-US: 1Panel
 CVE-2023-35940 (GLPI is a free asset and IT management software package. Starting in v ...)
-	- glpi <removed>
+	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qrh8-rg45-45fw
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-35939 (GLPI is a free asset and IT management software package. Starting in v ...)
-	- glpi <removed>
+	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cjcx-pwcx-v34c
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup format to a ...)
@@ -1366,7 +1366,9 @@ CVE-2023-35163 (Vega is a decentralized trading platform that allows pseudo-anon
 CVE-2023-35154 (Knowage is an open source analytics and business intelligence suite. S ...)
 	NOT-FOR-US: Knowage
 CVE-2023-34254 (The GLPI Agent is a generic management agent. Prior to version 1.5, if ...)
-	- glpi <removed>
+	- glpi <removed> (unimportant)
+	NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-39vc-hxgm-j465
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2023-3394 (Session Fixation in GitHub repository fossbilling/fossbilling prior to ...)
 	NOT-FOR-US: fossbilling
 CVE-2023-3393 (Code Injection in GitHub repository fossbilling/fossbilling prior to 0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/967c8d344ba549623c496043c5eddc03e64dc916

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/967c8d344ba549623c496043c5eddc03e64dc916
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230708/70cd0c7b/attachment.htm>

More information about the debian-security-tracker-commits mailing list