[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 9 16:34:25 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30e46586 by Salvatore Bonaccorso at 2024-03-09T17:33:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript
CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...)
TODO: check
CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter with a f ...)
- TODO: check
+ NOT-FOR-US: Wasmi
CVE-2024-28122 (JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherw ...)
TODO: check
CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...)
@@ -319,7 +319,7 @@ CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and including version 1.1
CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift Virtualiza ...)
- TODO: check
+ NOT-FOR-US: kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP)
CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1442 (A user with the permissions to create a data source can use Grafana AP ...)
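Review bot: The NOT-FOR-US reason added for CVE-2024-1725 is much longer than the neighbouring entries, which use a short product label such as "WordPress plugin". Something like "NOT-FOR-US: kubevirt-csi (OpenShift Virtualization)" would identify the component just as well and keep the list easy to scan and grep.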
@@ -490,9 +490,9 @@ CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for Go. SQL injection can
NOTE: https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 (v5.5.4)
NOTE: https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df (v4.18.2)
CVE-2024-27303 (electron-builder is a solution to package and build a ready for distri ...)
- TODO: check
+ NOT-FOR-US: electron-builder
CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to specify a C ...)
- TODO: check
+ NOT-FOR-US: go-zero
CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...)
- golang-github-jackc-pgx <unfixed> (bug #1065686)
[bookworm] - golang-github-jackc-pgx <no-dsa> (Minor issue)
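Review bot: For CVE-2024-27302, go-zero is a Go framework, and this same hunk shows a Go library (pgx) tracked under the source package name golang-github-jackc-pgx, so a lookup by upstream name alone can miss a packaged copy. It is worth confirming that no golang-* source package ships go-zero before settling on NOT-FOR-US.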
@@ -559,7 +559,7 @@ CVE-2023-49979 (A directory listing vulnerability in Customer Support System v1
CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows non-admi ...)
NOT-FOR-US: Customer Support System
CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go, contain ...)
- TODO: check
+ NOT-FOR-US: go-saml
CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allow ...)
NOT-FOR-US: Vanderbilt REDCap
CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum p ...)
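Review bot: The reason "go-saml" for CVE-2023-48703 drops the vendor that the description gives ("RobotsAndPencils go-saml"). A short generic name like this is easy to confuse with other SAML libraries for Go, so "NOT-FOR-US: RobotsAndPencils go-saml" would make the entry unambiguous.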
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4658675abbb5c8c7792b7e9258c0d2f2b7e43