[Git][security-tracker-team/security-tracker][master] mark three additional kernel bugs as non issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62470399 by Moritz Muehlenhoff at 2023-03-07T16:34:07+01:00
mark three additional kernel bugs as non issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24122,8 +24122,9 @@ CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the applicatio
 CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitored ...)
 	NOT-FOR-US: Softing uaToolkit Embedded
 CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...)
-	- linux <unfixed>
+	- linux <unfixed> (unimportant)
 	NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
+	NOTE: Negligible security impact, would need physical access to "exploit"
 CVE-2022-45918 (ILIAS before 7.16 allows External Control of File Name or Path. ...)
 	NOT-FOR-US: ILIAS
 CVE-2022-45917 (ILIAS before 7.16 has an Open Redirect. ...)
@@ -24217,13 +24218,17 @@ CVE-2022-45890 (In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scri
 CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who is a pu ...)
 	NOT-FOR-US: Planet eStream
 CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...)
-	- linux <unfixed>
+	- linux <unfixed> (unimportant)
 	[bullseye] - linux <not-affected> (Vulnerable code introduced later)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/
+	NOTE: Negligible security impact, would need physical access to "exploit"
 CVE-2022-45887 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
-	- linux <unfixed>
+	- linux <unfixed> (unimportant)
+	[bookworm] - linux <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - linux <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/
+	NOTE: Negligible security impact, would need physical access to "exploit"
 CVE-2022-45886 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...)
 	- linux <unfixed> (unimportant)
 	NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6247039907a29de9fb32c8a55b95aebe91dd740a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6247039907a29de9fb32c8a55b95aebe91dd740a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230307/d04283dc/attachment.htm>