Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits: 872e619b by Neil Williams at 2022-05-26T10:35:51+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6919,7 +6919,7 @@ CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and CVE-2022-29247 RESERVED CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-29245 RESERVED CVE-2022-29244 @@ -6965,7 +6965,7 @@ CVE-2022-29225 CVE-2022-29224 RESERVED CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...) - snowflake <unfixed> (bug #1011458) NOTE: https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh @@ -6976,7 +6976,7 @@ CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation CVE-2022-29220 RESERVED CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...) - TODO: check + NOT-FOR-US: chainsafe/lodestar CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...) NOT-FOR-US: rubygems/rubygems.org CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...) @@ -6984,9 +6984,9 @@ CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports mul CVE-2022-29216 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow <itp> (bug #804612) CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain events i ...) - TODO: check + NOT-FOR-US: PocketMine plugin CVE-2022-29214 (NextAuth.js (next-auth) is am open source authentication solution for ...) - TODO: check + NOT-FOR-US: NextAuth.js CVE-2022-29213 (TensorFlow is an open source platform for machine learning. Prior to v ...) - tensorflow <itp> (bug #804612) CVE-2022-29212 (TensorFlow is an open source platform for machine learning. Prior to v ...) @@ -7645,7 +7645,7 @@ CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-s CVE-2022-29003 RESERVED CVE-2022-29002 (A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers ...) - TODO: check + NOT-FOR-US: xxl-job CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix parameter is not ...) NOT-FOR-US: SpringBootMovie CVE-2022-29000 @@ -80643,7 +80643,7 @@ CVE-2021-27781 CVE-2021-27780 RESERVED CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...) - TODO: check + NOT-FOR-US: HCL CVE-2021-27778 RESERVED CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872e619bc6e0dfb0b71fb6e6d84258db02960ec5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872e619bc6e0dfb0b71fb6e6d84258db02960ec5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits