Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
872e619b by Neil Williams at 2022-05-26T10:35:51+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6919,7 +6919,7 @@ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior
to versions 6.5.6 and
CVE-2022-29247
RESERVED
CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG)
embedded st ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-29245
RESERVED
CVE-2022-29244
@@ -6965,7 +6965,7 @@ CVE-2022-29225
CVE-2022-29224
RESERVED
CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG)
embedded st ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer
Security. ...)
- snowflake <unfixed> (bug #1011458)
NOTE:
https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh
@@ -6976,7 +6976,7 @@ CVE-2022-29221 (Smarty is a template engine for PHP,
facilitating the separation
CVE-2022-29220
RESERVED
CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum
Consensus spec ...)
- TODO: check
+ NOT-FOR-US: chainsafe/lodestar
CVE-2022-29218 (RubyGems is a package registry used to supply software for the
Ruby la ...)
NOT-FOR-US: rubygems/rubygems.org
CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports
multiple ...)
@@ -6984,9 +6984,9 @@ CVE-2022-29217 (PyJWT is a Python implementation of RFC
7519. PyJWT supports mul
CVE-2022-29216 (TensorFlow is an open source platform for machine learning.
Prior to v ...)
- tensorflow <itp> (bug #804612)
CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain
events i ...)
- TODO: check
+ NOT-FOR-US: PocketMine plugin
CVE-2022-29214 (NextAuth.js (next-auth) is am open source authentication
solution for ...)
- TODO: check
+ NOT-FOR-US: NextAuth.js
CVE-2022-29213 (TensorFlow is an open source platform for machine learning.
Prior to v ...)
- tensorflow <itp> (bug #804612)
CVE-2022-29212 (TensorFlow is an open source platform for machine learning.
Prior to v ...)
@@ -7645,7 +7645,7 @@ CVE-2022-29004 (Diary Management System v1.0 was
discovered to contain a cross-s
CVE-2022-29003
RESERVED
CVE-2022-29002 (A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: xxl-job
CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix
parameter is not ...)
NOT-FOR-US: SpringBootMovie
CVE-2022-29000
@@ -80643,7 +80643,7 @@ CVE-2021-27781
CVE-2021-27780
RESERVED
CVE-2021-27779 (VersionVault Express exposes sensitive information that an
attacker ca ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-27778
RESERVED
CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when
poorly ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872e619bc6e0dfb0b71fb6e6d84258db02960ec5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872e619bc6e0dfb0b71fb6e6d84258db02960ec5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
