[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 21 19:30:36 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a930978 by Salvatore Bonaccorso at 2024-09-21T20:30:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119269,7 +119269,7 @@ CVE-2023-27585 (PJSIP is a free and open source multimedia communication library
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
 	NOTE: https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
 CVE-2023-27584 (Dragonfly is an open source P2P-based file distribution and image acce ...)
-	TODO: check
+	NOT-FOR-US: Dragonfly
 CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...)
 	NOT-FOR-US: PanIndex
 CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...)
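Review bot: the tag on CVE-2023-27584, `NOT-FOR-US: Dragonfly`, uses a bare product name that is generic on its own; only the truncated description identifies it as the P2P-based file distribution project. Consider a slightly more specific free-text tag that says which Dragonfly is meant, so that a later search of data/CVE/list for this product is unambiguous. Free-text qualifiers are already used elsewhere in the file, for example `NOT-FOR-US: installer component of Mautic`.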
@@ -138979,7 +138979,7 @@ CVE-2022-4535
 CVE-2022-4534
 	RESERVED
 CVE-2022-4533 (The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vuln ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4531
@@ -204081,13 +204081,13 @@ CVE-2022-25779 (Logging of Excessive Data vulnerability in audit log of Secomea
 CVE-2022-25778 (Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea G ...)
 	NOT-FOR-US: Secomea
 CVE-2022-25777 (Prior to the patched version, an authenticated user of Mautic could re ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25776 (Prior to the patched version, logged in users of Mautic are able to ac ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25775 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25774 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25773
 	RESERVED
 CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
@@ -204095,11 +204095,11 @@ CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking c
 CVE-2022-25771
 	RESERVED
 CVE-2022-25770 (Mautic allows you to update the application via an upgrade script.  Th ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25769 (ImpactThe default .htaccess file has some restrictions in the access t ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25768 (The logic in place to facilitate the update process via the user inter ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
 	{DSA-5206-1 DLA-3279-1}
 	- trafficserver 9.1.3+ds-1
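Review bot: for CVE-2022-25769 and CVE-2022-25768 the truncated descriptions visible in this hunk ("ImpactThe default .htaccess file ..." and "The logic in place to facilitate the update process ...") do not name the affected product, so the `NOT-FOR-US: Mautic` attribution cannot be checked from the diff alone. Only CVE-2022-25770 names Mautic in its visible text. Please confirm the other two against the full CVE records before this lands, since the entries leave `TODO: check` and will not be looked at again by default.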
@@ -269151,11 +269151,11 @@ CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper o
 	NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
 	NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
 CVE-2021-27917 (Prior to this patch, a stored XSS vulnerability existed in the contact ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2021-27916 (Prior to the patched version, logged in users of Mautic are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2021-27915 (Prior to the patched version, there is an XSS vulnerability in the des ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2021-27914 (A cross-site scripting (XSS) vulnerability in the installer component  ...)
 	NOT-FOR-US: installer component of Mautic
 CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
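Review bot: the three new tags on CVE-2021-27917, CVE-2021-27916 and CVE-2021-27915 read `NOT-FOR-US: Mautic`, while the existing neighbour CVE-2021-27914 reads `NOT-FOR-US: installer component of Mautic`, so the same product now appears under two tag spellings within four lines. The plain form is fine, but a search for the exact line `NOT-FOR-US: Mautic` will miss the older entry; consider normalising CVE-2021-27914 in a follow-up. Separately, the visible descriptions of CVE-2021-27917 and CVE-2021-27915 do not name the product, so that attribution rests on the full CVE records.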



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a9309788ef83470a55a184f706974f20267924e
