Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
533234ea by Neil Williams at 2022-05-23T10:10:40+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2022-29524
 CVE-2022-29506
        RESERVED
 CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: yogeshojha/rengine
 CVE-2022-1812
        RESERVED
 CVE-2022-1811
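Review bot: The label added for CVE-2022-1813 names the project by its repository slug, "yogeshojha/rengine", while a later hunk in this same commit tags CVE-2022-28995 (described as "Rengine v1.0.2") as "NOT-FOR-US: reNgine". If both entries refer to the same project, use one spelling for both so that a search of data/CVE/list for the product finds every entry.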
@@ -5782,11 +5782,11 @@ CVE-2022-29186 (Rundeck is an open source automation 
service with a web console,
 CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA 
authentific ...)
        TODO: check
 CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior 
to 22.1.0 ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 
until 21.4. ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2022-29182 (GoCD is a continuous delivery server. GoCD versions 19.11.0 
through 21 ...)
-       TODO: check
+       NOT-FOR-US: ThoughtWorks GoCD
 CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. 
Nokogiri pri ...)
        - ruby-nokogiri <unfixed> (unimportant)
        NOTE: 
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
@@ -6384,7 +6384,7 @@ CVE-2022-28997
 CVE-2022-28996
        RESERVED
 CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code 
execution (RCE) ...)
-       TODO: check
+       NOT-FOR-US: reNgine
 CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer 
overflow v ...)
        NOT-FOR-US: Small HTTP Server
 CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers 
to perfo ...)
@@ -12991,7 +12991,7 @@ CVE-2022-0885
 CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths 
Security  ...)
-       TODO: check
+       NOT-FOR-US: SnowGlobe Licence Manager
 CVE-2022-0882 (A bug exists where an attacker can read the kernel log through 
exposed ...)
        NOT-FOR-US: Google fuchsia
 CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository 
chocobo ...)
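Review bot: On CVE-2022-0883 the added label expands to "SnowGlobe Licence Manager", but the description visible here only says "SLM". Please confirm that expansion against the CVE's vendor reference before this lands, since the label is free text and a wrong product name makes the entry hard to find later.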
@@ -15211,7 +15211,7 @@ CVE-2022-21211
 CVE-2022-21208
        RESERVED
 CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular 
Expression ...)
-       TODO: check
+       NOT-FOR-US: AlexFlipnote/url_regex
 CVE-2022-21192
        RESERVED
 CVE-2022-21191
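Review bot: On CVE-2022-21195 the description names the package "url-regex", while the label is "AlexFlipnote/url_regex" (underscore, plus an owner prefix). Consider keeping the package name as the description spells it, or adding the ecosystem, so it is clear which url-regex was checked against the archive before it was marked NOT-FOR-US.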
@@ -17317,7 +17317,7 @@ CVE-2021-45721
 CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to 
Broken A ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2021-23163
        RESERVED
 CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and 
Liferay D ...)
@@ -19552,7 +19552,7 @@ CVE-2022-0487 (A use-after-free vulnerability was found 
in rtsx_usb_ms_drv_remov
        NOTE: 
https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
        NOTE: CONFIG_MMC_MOXART is not set in Debian.
 CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, 
Sensor, and S ...)
-       TODO: check
+       NOT-FOR-US: Fidelis
 CVE-2022-0485 [nbdcopy: missing error handling may create corrupted 
destination image]
        RESERVED
        - libnbd 1.10.5-1 (bug #1005307)
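Review bot: The label on CVE-2022-0486 is just "Fidelis", where the other labels in this commit name a product (for example "JFrog Artifactory" and "ThoughtWorks GoCD"). The description lists CommandPost, Collector and Sensor components; naming the product alongside the vendor would keep this entry consistent with the rest of the list.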



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/533234ea0e0c5463b5194724076cda36475d60da


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
