[Git][security-tracker-team/security-tracker][master] new libgclib, gitlabs issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Oct 5 16:05:21 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6f34639 by Moritz Muehlenhoff at 2021-10-05T17:04:36+02:00
new libgclib, gitlabs issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,8 @@ CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the
CVE-2021-42007
RESERVED
CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...)
- TODO: check
+ - libgclib <unfixed>
+ NOTE: https://github.com/gpertea/gclib/issues/11
CVE-2021-42005
RESERVED
CVE-2021-42004
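Review bot: the added "- libgclib <unfixed>" line for CVE-2021-42006 has no Debian bug reference, only the upstream issue link in the NOTE. If a bug is filed against libgclib, append it to the package line as "(bug #...)" so the maintainer is notified and the entry can later be closed against an upload. The description ties the report to GCLib 0.12.7, so a second NOTE saying whether the packaged version contains the affected GffLine::GffLine code in gff.cpp would save the next triager a lookup.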
@@ -926,9 +927,9 @@ CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosur
CVE-2021-41594
RESERVED
CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...)
- TODO: check
+ NOT-FOR-US: Lightning Labs lnd
CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...)
- TODO: check
+ NOT-FOR-US: Blockstream c-lightning
CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
NOT-FOR-US: ACINQ Eclair
CVE-2021-41590
@@ -1963,7 +1964,7 @@ CVE-2021-41120
CVE-2021-41119
RESERVED
CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
- TODO: check
+ NOT-FOR-US: DynamicPageList3 MediaWiki Extension
CVE-2021-41117
RESERVED
CVE-2021-41116
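Review bot: the NOT-FOR-US tag on CVE-2021-41118 names an extension ("DynamicPageList3 MediaWiki Extension") rather than a standalone product, so the check that matters is whether any package bundles that extension, not whether a package of that name exists. If that was verified, the tag is fine as written; otherwise confirm it before the TODO is dropped.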
@@ -2001,7 +2002,7 @@ CVE-2021-41102
CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
NOT-FOR-US: wire-server
CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
- TODO: check
+ NOT-FOR-US: wire-server
CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
@@ -2284,7 +2285,7 @@ CVE-2021-40977
CVE-2021-40976
RESERVED
CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2021-40974
RESERVED
CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
@@ -2326,7 +2327,7 @@ CVE-2021-40962
CVE-2021-40961
RESERVED
CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Galera WebTemplate
CVE-2021-40959
RESERVED
CVE-2021-40958
@@ -2401,11 +2402,11 @@ CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.ph
CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...)
NOT-FOR-US: infaveo-helpdesk
CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
- TODO: check
+ NOT-FOR-US: Pixeline Bugs
CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
- TODO: check
+ NOT-FOR-US: Pixeline Bugs
CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
- TODO: check
+ NOT-FOR-US: Pixeline Bugs
CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...)
NOT-FOR-US: Detector
CVE-2021-40920
@@ -4792,15 +4793,15 @@ CVE-2021-39902
CVE-2021-39901
RESERVED
CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39898
RESERVED
CVE-2021-39897
RESERVED
CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39895
RESERVED
CVE-2021-39894
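Review bot: the three "- gitlab <unfixed>" lines added here (CVE-2021-39900, CVE-2021-39899, CVE-2021-39896) carry no NOTE, unlike the libgclib entry in the first hunk, which links its upstream issue. Add a NOTE with the upstream advisory or issue URL to each entry so a later pass can determine the fixed version without re-researching the CVE.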
@@ -4834,29 +4835,29 @@ CVE-2021-39881
CVE-2021-39880
RESERVED
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39878
RESERVED
CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39876
RESERVED
CVE-2021-39875
RESERVED
CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39872
RESERVED
CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39870
RESERVED
CVE-2021-39869
RESERVED
CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39867
RESERVED
CVE-2021-39866
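Review bot: several descriptions in this hunk state where the affected range begins (CVE-2021-39877 "starting with version 12.2", CVE-2021-39874 "since version 11.0", CVE-2021-39871 "since version 13.0", CVE-2021-39868 "since version 8.12"), but the added lines record only "- gitlab <unfixed>". Capture the introducing version in a NOTE on each entry so that a suite carrying an older gitlab can be marked not-affected instead of inheriting the unfixed status.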
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6f34639898f3b15e66cf740c48f3997e1356a33