[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 7 17:56:40 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a97d30e by Moritz Muehlenhoff at 2021-12-07T18:56:19+01:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,9 +18,9 @@ CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vuln
 	NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
 	NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
 CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
-	TODO: check
+	NOT-FOR-US: git-it
 CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
-	TODO: check
+	NOT-FOR-US: naholyr github-todos
 CVE-2021-44683
 	RESERVED
 CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
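Review bot: the two NOT-FOR-US labels in this hunk name the upstream project only (git-it, naholyr github-todos), while a later hunk in the same commit prefixes the ecosystem ("Node plupload"); pick one convention so the entries stay greppable, for example "Node git-it" and "Node naholyr github-todos" if the ecosystem prefix is the intended style.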
@@ -14960,7 +14960,7 @@ CVE-2021-39892
 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
 	- gitlab <unfixed>
 CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
 	- gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...)
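Review bot: CVE-2021-39890 is moved from TODO to `- gitlab <unfixed>` without a NOTE line pointing at the upstream advisory, whereas the GitLab entry at the end of this commit (CVE-2021-22169) carries a `NOTE: https://about.gitlab.com/releases/...` reference; consider adding the corresponding release post so the fixed upstream version can be looked up later.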
@@ -25319,7 +25319,6 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-8.0 <unfixed>
 	- mysql-5.7 <removed>
 	NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
-	TODO: clarify MariaDB 10.6 status
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
 	{DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
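Review bot: the removed line `TODO: clarify MariaDB 10.6 status` is not replaced by anything, and the preceding `NOTE: Fixed in MariaDB: 10.5.13, 10.3.32` still lists only the 10.5 and 10.3 series; if the 10.6 question was resolved, record the 10.6 fixed version on that NOTE line, otherwise the open item is silently dropped.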
@@ -54824,7 +54823,7 @@ CVE-2021-23760
 CVE-2021-23759
 	RESERVED
 CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...)
-	TODO: check
+	NOT-FOR-US: ajaxpro
 CVE-2021-23757
 	RESERVED
 CVE-2021-23756
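Review bot: the label `NOT-FOR-US: ajaxpro` drops the `.2` suffix from the package name given in the CVE text ("package ajaxpro.2"); harmless for the tracker, but a search for the exact upstream name will not match, so `NOT-FOR-US: ajaxpro.2` would be more precise.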
@@ -55216,7 +55215,7 @@ CVE-2021-23564
 CVE-2021-23563
 	RESERVED
 CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name containing ...)
-	TODO: check
+	NOT-FOR-US: Node plupload
 CVE-2021-23561
 	RESERVED
 CVE-2021-23560
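Review bot: `NOT-FOR-US: Node plupload` is the only NOT-FOR-US entry in this commit that carries an ecosystem prefix; the CVE text just says "the package plupload", so either drop "Node" to match git-it, naholyr github-todos and ajaxpro above, or apply the prefix consistently across the commit.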
@@ -58422,7 +58421,7 @@ CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab P
 	[experimental] - gitlab 13.6.6-1
 	- gitlab <unfixed>
 CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
 	- gitlab <not-affected> (Specific to EE)
 	NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
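Review bot: CVE-2021-22170 is changed to `- gitlab <unfixed>` with no NOTE, while the adjacent CVE-2021-22169 entry cites the GitLab 13.8.2 security release post; since the description says the issue affects GitLab 11.6+, a NOTE with the release that addresses it would make the eventual version bump verifiable.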



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a97d30e3e46d65fdf85cb7c5a5f36197a173794
