[Git][security-tracker-team/security-tracker][master] Update notes for furnace CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 19 15:28:27 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c2a5942 by Salvatore Bonaccorso at 2024-10-19T16:27:26+02:00
Update notes for furnace CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -201066,7 +201066,9 @@ CVE-2022-1291 (XSS vulnerability with default `onCellHtmlData` function in GitHu
CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polo ...)
NOT-FOR-US: Trudesk
CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It ...)
- - furnace <not-affected> (Fixed before initial upload)
+ - furnace <not-affected> (No Debian released version affected by CVE-2022-1211)
+ NOTE: CVE assigned for incomple fix for CVE-2022-1211.
+ NOTE: https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655
CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...)
- apache-jena 4.5.0-1 (bug #1014982)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
@@ -202421,6 +202423,7 @@ CVE-2022-28378 (Craft CMS before 3.7.29 allows XSS.)
NOT-FOR-US: Craft CMS
CVE-2022-1211 (A vulnerability classified as critical has been found in tildearrow Fu ...)
- furnace <not-affected> (Fixed before initial upload)
+ NOTE: https://github.com/tildearrow/furnace/issues/325
CVE-2022-28377 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
NOT-FOR-US: Verizon
CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyon ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2a5942835544f8861a5ae6a1f460c182c0ba2c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c2a5942835544f8861a5ae6a1f460c182c0ba2c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241019/ffd177d5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list