Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4aa100be by Moritz Muehlenhoff at 2022-02-04T09:27:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -262,7 +262,7 @@ CVE-2022-0473
 CVE-2022-24308
        RESERVED
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect 
access cont ...)
-       TODO: check
+       NOT-FOR-US: Mastodon
 CVE-2022-24306
        RESERVED
 CVE-2022-24305
@@ -529,7 +529,7 @@ CVE-2022-0433 [missing initialization in bloom filter map 
in kernel/bpf/bloom_fi
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
        NOTE: Fixed by: 
https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
 CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon 
prior to 3. ...)
-       TODO: check
+       NOT-FOR-US: Mastodon
 CVE-2022-0431
        RESERVED
 CVE-2022-0430
@@ -874,7 +874,7 @@ CVE-2022-24125
 CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection 
vulnerabili ...)
        NOT-FOR-US: Casdoor
 CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a 
mermaid block ...)
-       TODO: check
+       NOT-FOR-US: MarkText
 CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total 
Connect ...)
        NOT-FOR-US: Unified Office
 CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity 
(XXE) a ...)
@@ -963,7 +963,7 @@ CVE-2022-0403
 CVE-2022-0402
        RESERVED
 CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
-       TODO: check
+       NOT-FOR-US: Node w-zip
 CVE-2022-0400 [Out of bounds read in the smc protocol stack]
        RESERVED
        - linux <unfixed>
@@ -2831,9 +2831,9 @@ CVE-2022-23605
 CVE-2022-23604
        RESERVED
 CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application 
for use wi ...)
-       TODO: check
+       NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in 
Nim. In  ...)
-       TODO: check
+       NOT-FOR-US: Nimforum
 CVE-2022-23601 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony <not-affected> (Vulnerable code not present; no Debian 
released version contained the vulnerable code)
        NOTE: 
https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
@@ -11522,11 +11522,11 @@ CVE-2021-44884
 CVE-2021-44883
        RESERVED
 CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was 
discovered to co ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 
DIR_882 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2021-44879
        RESERVED
 CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept 
and succe ...)
@@ -11554,7 +11554,7 @@ CVE-2021-44868
 CVE-2021-44867
        RESERVED
 CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 
1.0. The ...)
-       TODO: check
+       NOT-FOR-US: Online-Movie-Ticket-Booking-System
 CVE-2021-44865
        RESERVED
 CVE-2021-44864
@@ -13392,9 +13392,9 @@ CVE-2021-44249 (Online Motorcycle (Bike) Rental System 
1.0 is vulnerable to a Bl
 CVE-2021-44248
        RESERVED
 CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R 
v5.9c.4729_B201 ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R 
v5.9c.4729_B201 ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 
19 Testi ...)
        NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS)
 CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester 
Logistic Hub Pa ...)
@@ -14494,7 +14494,7 @@ CVE-2022-21712
 CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework 
that parse ...)
        NOT-FOR-US: elfspirit
 CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local 
short de ...)
-       TODO: check
+       NOT-FOR-US: ShortDescription MediaWiki extension
 CVE-2022-21709
        RESERVED
 CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In 
version ...)
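
Review bot: For CVE-2022-21710 the NOT-FOR-US decision depends on the ShortDescription extension not being shipped inside any packaged MediaWiki source, and the entry does not record that this was checked. The label "ShortDescription MediaWiki extension" is clear about what is affected; consider adding a NOTE line stating that the extension is not bundled, so a later reader of data/CVE/list does not have to repeat the verification.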



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa100be6ac2ae9b8c0afabf69aa48976fd6ff76
