[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 9 09:18:09 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2ebeb82 by Salvatore Bonaccorso at 2023-03-09T10:17:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1483,7 +1483,7 @@ CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and
 	NOTE: Introduced with: https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63 (1.1.0-beta1)
 	NOTE: Fixed by: https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9 (1.1.4)
 CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...)
-	TODO: check
+	NOT-FOR-US: wasmtime
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
 	[experimental] - owslib 0.28.1-1~exp1
 	- owslib <unfixed>
@@ -2494,7 +2494,7 @@ CVE-2023-27090
 CVE-2023-27089
 	RESERVED
 CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: feiqu-opensource Background Vertical
 CVE-2023-27087
 	RESERVED
 CVE-2023-27086
@@ -2758,7 +2758,7 @@ CVE-2023-26958
 CVE-2023-26957
 	RESERVED
 CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
 	NOT-FOR-US: onekeyadmin
 CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
@@ -2766,15 +2766,15 @@ CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site
 CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
 	NOT-FOR-US: onekeyadmin
 CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26951
 	RESERVED
 CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
 	NOT-FOR-US: onekeyadmin
 CVE-2023-26948 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
-	TODO: check
+	NOT-FOR-US: onekeyadmin
 CVE-2023-26947
 	RESERVED
 CVE-2023-26946
@@ -3843,7 +3843,7 @@ CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When
 CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...)
 	NOT-FOR-US: mailcow
 CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In affected ver ...)
-	TODO: check
+	NOT-FOR-US: wasmtime
 CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
@@ -8771,7 +8771,7 @@ CVE-2023-24784
 CVE-2023-24783
 	RESERVED
 CVE-2023-24782 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Funadmin
 CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
 	NOT-FOR-US: Funadmin
 CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
@@ -8781,7 +8781,7 @@ CVE-2023-24779
 CVE-2023-24778
 	RESERVED
 CVE-2023-24777 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Funadmin
 CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
 	NOT-FOR-US: Funadmin
 CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
@@ -10234,7 +10234,7 @@ CVE-2023-24284
 CVE-2023-24283
 	RESERVED
 CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 al ...)
-	TODO: check
+	NOT-FOR-US: Poly Trio 8800
 CVE-2023-24281
 	RESERVED
 CVE-2023-24280



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2ebeb826bbe84b865e402c53ce99fe2d2d28a43

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2ebeb826bbe84b865e402c53ce99fe2d2d28a43
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230309/87045f73/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list