[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 20 15:14:17 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
145caeb1 by Moritz Muehlenhoff at 2023-03-20T16:13:53+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2016-15029
 CVE-2012-10009
 	RESERVED
 CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
-	TODO: check
+	NOT-FOR-US: RockOA
 CVE-2023-1500 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Simple Art Gallery
 CVE-2023-1499 (A vulnerability classified as critical was found in code-projects Simp ...)
-	TODO: check
+	NOT-FOR-US: Simple Art Gallery
 CVE-2023-1498 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: Responsive Hotel Site
 CVE-2023-1497 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...)
 	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
 CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/i ...)
-	TODO: check
+	NOT-FOR-US: imgproxy
 CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
 	- org-mode <unfixed>
 	[bullseye] - org-mode <no-dsa> (Minor issue)
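
Review bot: The new labels for CVE-2023-1499 and CVE-2023-1498 drop the vendor that their descriptions give ("code-projects ..."), while the existing entry for CVE-2023-1497 in the same hunk keeps it ("SourceCodester Simple and Nice Shopping Cart Script"). Generic names such as "Simple Art Gallery" and "Responsive Hotel Site" are easy to confuse with other products when searching the list; suggest "NOT-FOR-US: code-projects Simple Art Gallery" and the same form for the hotel site, and for CVE-2023-1500 if it is the same product.
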
@@ -63,7 +63,7 @@ CVE-2023-1486 (A vulnerability classified as problematic was found in Lespeed Wi
 CVE-2023-1485 (A vulnerability classified as problematic has been found in SourceCode ...)
 	NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
 CVE-2022-4933 (A vulnerability, which was classified as critical, has been found in A ...)
-	TODO: check
+	NOT-FOR-US: Dolibarr module
 CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...)
 	NOT-FOR-US: ONLYOFFICE
 CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...)
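
Review bot: "NOT-FOR-US: Dolibarr module" on CVE-2022-4933 does not say which module is affected, and the truncated description shown here does not either. Name the module and its vendor in the label so the entry cannot be read as a statement about Dolibarr itself, which would need its own check against the archive.
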
@@ -74,7 +74,7 @@ CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-2.12.6)
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-3.13.1)
 CVE-2015-10096 (A vulnerability, which was classified as critical, was found in Zarthu ...)
-	TODO: check
+	NOT-FOR-US: Zarthus IRC Twitter Announcer Bot
 CVE-2023-28608
 	RESERVED
 CVE-2023-28607 (js/event-graph.js in MISP before 2.4.169 allows XSS via the event-grap ...)
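
Review bot: Not part of this change, but the two NOTE context lines under CVE-2021-46877 cite the same commit and tag it "jackson-databind-2.12.6" and "jackson-databind-3.13.1". The description speaks of 2.12.x and 2.13.x, so the second tag looks like a typo for a 2.13 release; worth correcting in a follow-up commit. No comment on the Zarthus label.
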
@@ -379,7 +379,7 @@ CVE-2023-1456
 CVE-2023-1455 (A vulnerability classified as critical was found in SourceCodester Onl ...)
 	NOT-FOR-US: SourceCodester Online Pizza Ordering System
 CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-boot 3. ...)
-	TODO: check
+	NOT-FOR-US: jeecg-boot
 CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...)
 	NOT-FOR-US: Watchdog Anti-Virus
 CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It  ...)
@@ -387,9 +387,9 @@ CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master
 	NOTE: https://github.com/gpac/gpac/issues/2386
 	NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
 CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified as pr ...)
-	TODO: check
+	NOT-FOR-US: MP4v2
 CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...)
-	TODO: check
+	NOT-FOR-US: MP4v2
 CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/2387
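
Review bot: CVE-2023-1451 and CVE-2023-1450 are closed as NOT-FOR-US for MP4v2, a library, with no NOTE recording the upstream reference, while the GPAC entries on either side carry issue and commit links. Before closing these, confirm that no source package in the archive ships or embeds MP4v2; if one does, the entries need a package line rather than NFU.
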
@@ -1696,15 +1696,15 @@ CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF gene
 CVE-2023-28114
 	RESERVED
 CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in version 0.3 ...)
-	TODO: check
+	NOT-FOR-US: russh
 CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2023-28111 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2023-28110 (Jumpserver is a popular open source bastion host, and Koko is a Jumpse ...)
-	TODO: check
+	NOT-FOR-US: Jumpserver
 CVE-2023-28109 (Play With Docker is a browser-based Docker playground. Versions 0.0.2  ...)
-	TODO: check
+	NOT-FOR-US: Play with Docker
 CVE-2023-28108 (Pimcore is an open source data and experience management platform. Pri ...)
 	NOT-FOR-US: Pimcore
 CVE-2023-28107 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
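
Review bot: The label for CVE-2023-28109 reads "Play with Docker" but the description spells the product "Play With Docker"; match the upstream spelling so case-sensitive searches of the list find it. For CVE-2023-28110 the description introduces Koko as the Jumpserver component, so naming Koko in the label alongside Jumpserver would be more precise.
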
@@ -1714,7 +1714,7 @@ CVE-2023-28106 (Pimcore is an open source data and experience management platfor
 CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Versions prio ...)
 	TODO: check
 CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...)
-	TODO: check
+	NOT-FOR-US: silverstripe/graphql
 CVE-2023-28103
 	RESERVED
 CVE-2023-28102
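
Review bot: CVE-2023-28105 (go-used-util), directly above the changed line, is still "TODO: check" after this pass while the entry next to it is resolved. If it was left open on purpose because it needs a closer look, fine; otherwise triage it in the same sweep so it does not get lost.
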
@@ -3239,9 +3239,9 @@ CVE-2023-27594 (Cilium is a networking, observability, and security solution wit
 CVE-2023-27593 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
 CVE-2023-27592 (Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically  ...)
-	TODO: check
+	NOT-FOR-US: Miniflux
 CVE-2023-27591 (Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Miniflux
 CVE-2023-27590 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
 	NOT-FOR-US: Rizin
 CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...)
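
Review bot: CVE-2023-27592 and CVE-2023-27591 mark Miniflux as NOT-FOR-US, whereas the Cilium entry just above uses "- cilium <itp> (bug #858303)" for software that is not in the archive yet but has a packaging bug. Check WNPP for an open ITP or RFP for Miniflux; if there is one, use the <itp> form with the bug number so these CVEs resurface when the package is uploaded.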



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/145caeb1a8698c15c2f7892d32b9fe9abe732bfe
