[Git][security-tracker-team/security-tracker][master] Process two NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 4 18:47:01 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa1e57e7 by Salvatore Bonaccorso at 2024-01-04T19:45:35+01:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,7 +66,7 @@ CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-sit
 	- tinymce <removed>
 	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg
 CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of  ...)
-	TODO: check
+	NOT-FOR-US: Newtonsoft.Json
 CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...)
 	- apktool <unfixed>
 	NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w
@@ -149,7 +149,7 @@ CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A sec
 CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...)
 	NOT-FOR-US: Tamaki_hamanoki Line
 CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...)
-	TODO: check
+	NOT-FOR-US: couch-auth Node.js module
 CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This flaw can c ...)
 	NOT-FOR-US: PaddlePaddle
 CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa1e57e7327f18e8287f0dcc093c848ac3ab557c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa1e57e7327f18e8287f0dcc093c848ac3ab557c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240104/ffd75d99/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list