Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits: 533234ea by Neil Williams at 2022-05-23T10:10:40+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5,7 +5,7 @@ CVE-2022-29524 CVE-2022-29506 RESERVED CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to ...) - TODO: check + NOT-FOR-US: yogeshojha/rengine CVE-2022-1812 RESERVED CVE-2022-1811 @@ -5782,11 +5782,11 @@ CVE-2022-29186 (Rundeck is an open source automation service with a web console, CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA authentific ...) TODO: check CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0 ...) - TODO: check + NOT-FOR-US: ThoughtWorks GoCD CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4. ...) - TODO: check + NOT-FOR-US: ThoughtWorks GoCD CVE-2022-29182 (GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21 ...) - TODO: check + NOT-FOR-US: ThoughtWorks GoCD CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...) - ruby-nokogiri <unfixed> (unimportant) NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m @@ -6384,7 +6384,7 @@ CVE-2022-28997 CVE-2022-28996 RESERVED CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...) - TODO: check + NOT-FOR-US: reNgine CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...) NOT-FOR-US: Small HTTP Server CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers to perfo ...) 
@@ -12991,7 +12991,7 @@ CVE-2022-0885 CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security ...) - TODO: check + NOT-FOR-US: SnowGlobe Licence Manager CVE-2022-0882 (A bug exists where an attacker can read the kernel log through exposed ...) NOT-FOR-US: Google fuchsia CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...) @@ -15211,7 +15211,7 @@ CVE-2022-21211 CVE-2022-21208 RESERVED CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...) - TODO: check + NOT-FOR-US: AlexFlipnote/url_regex CVE-2022-21192 RESERVED CVE-2022-21191 @@ -17317,7 +17317,7 @@ CVE-2021-45721 CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...) NOT-FOR-US: JFrog Artifactory CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable t ...) - TODO: check + NOT-FOR-US: JFrog Artifactory CVE-2021-23163 RESERVED CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and Liferay D ...) 
@@ -19552,7 +19552,7 @@ CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remov NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4) NOTE: CONFIG_MMC_MOXART is not set in Debian. CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image] RESERVED - libnbd 1.10.5-1 (bug #1005307)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/533234ea0e0c5463b5194724076cda36475d60da
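Review bot: The same product gets two different labels in this commit: the CVE-2022-1813 hunk (@@ -5,7) uses "NOT-FOR-US: yogeshojha/rengine", while the CVE-2022-28995 hunk (@@ -6384,7) uses "NOT-FOR-US: reNgine". Both descriptions refer to rengine, so use one spelling for both entries; a single label keeps a text search over data/CVE/list from missing one of them.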
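Review bot: In the CVE-2022-0883 hunk (@@ -12991,7), the visible description only says "SLM", and the new line expands it to "NOT-FOR-US: SnowGlobe Licence Manager". Nothing in the truncated description confirms that expansion, so check the product name against the full CVE record before relying on this tag.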
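Review bot: In the CVE-2022-21195 hunk (@@ -15211,7), the description names the package as url-regex, but the tag is "NOT-FOR-US: AlexFlipnote/url_regex", with an underscore and an owner prefix. If that is the upstream repository, consider carrying the package name from the description as well, so a search for url-regex still finds this entry.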
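Review bot: In the CVE-2022-0486 hunk (@@ -19552,7), "NOT-FOR-US: Fidelis" gives only a vendor name, while the other tags in this commit name a product ("JFrog Artifactory", "ThoughtWorks GoCD"). The description lists CommandPost, Collector and Sensor components; name the product they belong to so the entry is unambiguous.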