[Git][security-tracker-team/security-tracker][master] Adjust tracking for kanboard landing in unstable

Salvatore Bonaccorso (@carnil) Sun, 11 Sep 2022 05:30:55 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
81100da7 by Salvatore Bonaccorso at 2022-09-11T14:27:57+02:00
Adjust tracking for kanboard landing in unstable

All issues were fixed in a version before the initial upload to Debian,
and never an issue with the source in Debian. As such mark those as
not-affected with our Fixed before initial upload to Debian reason.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -242966,7 +242966,7 @@ CVE-2019-7325 (Reflected Cross Site Scripting (XSS) 
exists in ZoneMinder through
        NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/99f1e23c5b115b46265ab78d57fd6548490c6802
        NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone
 CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in 
pagination  ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 
does not ...)
        NOT-FOR-US: LightySoft LogMX
 CVE-2019-7322
@@ -323623,41 +323623,41 @@ CVE-2017-15214 (Stored XSS vulnerability in 
Flyspray 1.0-rc4 before 1.0-rc6 allo
 CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an 
authenti ...)
        NOT-FOR-US: Flyspray
 CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an 
authenticated use ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM 
dissector cou ...)
        - wireshark 2.4.2-1 (low)
        [jessie] - wireshark <not-affected> (Vulnerable code not present)
@@ -331043,9 +331043,9 @@ CVE-2017-12852 (The numpy.pad function in Numpy 
1.13.1 and older versions is mis
        NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
        NOTE: Negligible security impact
 CVE-2017-12851 (An authenticated standard user could reset the password of the 
admin b ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-12850 (An authenticated standard user could reset the password of 
other users ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
        NOTE: 
https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
 CVE-2017-12849 (Response discrepancy in the login and password reset forms in 
SilverSt ...)
        NOT-FOR-US: SilverStripe CMS
@@ -439375,7 +439375,7 @@ CVE-2014-3940 (The Linux kernel through 3.14.5 does 
not properly consider the pr
 CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise 
Linux ( ...)
        - sosreport <not-affected> (RedHat-specific issue)
 CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard 
before 1.0 ...)
-       - kanboard 1.2.22+ds-1 (bug #790814)
+       - kanboard <not-affected> (Fixed before initial upload to Debian)
 CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 
3.9.2421.13.mp ...)
        NOT-FOR-US: Netgear
 CVE-2014-3918



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81100da7fd4451dd7a10ddd0e243af84259dcc5d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81100da7fd4451dd7a10ddd0e243af84259dcc5d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Adjust tracking for kanboard landing in unstable

Reply via email to