[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 9 15:13:00 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab643297 by Moritz Muehlenhoff at 2023-10-09T16:12:35+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,7 +85,7 @@ CVE-2023-40632 (In jpg driver, there is a possible use after free due to a logic
 CVE-2023-40631 (In Dialer, there is a possible missing permission check. This could le ...)
 	NOT-FOR-US: Unisoc
 CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...)
-	TODO: check
+	NOT-FOR-US: Subiquity
 CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after  ...)
 	- libxml2 <unfixed> (bug #1053629)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
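Review bot: the tag added for CVE-2023-5182 reads "NOT-FOR-US: Subiquity", while the description on the line above it spells the product "subiquity" and the other tags added in this commit (fsevents, tac_plus) keep the upstream's lowercase spelling. Writing it as "NOT-FOR-US: subiquity" would let the same string match both the description and the tag when searching the list.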
@@ -119,7 +119,7 @@ CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45311 (fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us- ...)
-	TODO: check
+	NOT-FOR-US: fsevents
 CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection if users  ...)
 	NOT-FOR-US: ThingsBoard
 CVE-2023-45282 (In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype polluti ...)
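Review bot: the tag for CVE-2023-45311 names only fsevents, but the description places the problem in what fsevents "depends on" (a download URL, truncated here), so what needs checking is whether any packaged source carries a copy of fsevents before 1.2.11, not only whether a package of that name exists. If that was checked, record it; the commit message currently says only "NFUs".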
@@ -131,7 +131,7 @@ CVE-2023-45245 (Sensitive information disclosure due to missing authorization. T
 CVE-2023-45244 (Sensitive information disclosure and manipulation due to missing autho ...)
 	NOT-FOR-US: Acronis
 CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit 4fdf178  ...)
-	TODO: check
+	NOT-FOR-US: tac_plus
 CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the canc ...)
 	NOT-FOR-US: D-Link
 CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197  ...)
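Review bot: the tag for CVE-2023-45239 is the bare program name tac_plus, while the description pins the fix to "commit 4fdf178", that is, to one specific upstream repository. Naming that upstream in the tag would show which tac_plus was ruled out and that the entry was compared against anything in the archive shipping a program of the same name.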
@@ -159,7 +159,7 @@ CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Be
 CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Che ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral open- ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry
 CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...)
 	NOT-FOR-US: IBM
 CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...)
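Review bot: "NOT-FOR-US: OpenTelemetry" on CVE-2023-43810 tags a whole project, which the description itself introduces as a "vendor-neutral open- ..." effort, rather than the affected component. Name the specific component or library in the tag so that a later CVE in a different OpenTelemetry component is not closed as NFU by analogy with this entry.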



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab64329783d551fb08086f9a0161157a13bbd217
