[Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 6 10:46:12 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
258bbb99 by Moritz Muehlenhoff at 2021-10-06T11:46:00+02:00
new gitlab issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -334,7 +334,7 @@ CVE-2021-41863
CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...)
NOT-FOR-US: AviatorScript
CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...)
- TODO: check
+ NOT-FOR-US: Telegram for Android
CVE-2021-41860
RESERVED
CVE-2021-41859
@@ -1970,15 +1970,15 @@ CVE-2021-41126
CVE-2021-41125
RESERVED
CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
- TODO: check
+ NOT-FOR-US: Scrapy-splash
CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...)
NOT-FOR-US: Survey Solutions
CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2021-41121
RESERVED
CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
- TODO: check
+ NOT-FOR-US: sylius/paypal-plugin
CVE-2021-41119
RESERVED
CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
@@ -1992,9 +1992,9 @@ CVE-2021-41116 (Composer is an open source dependency manager for the PHP langua
CVE-2021-41115
RESERVED
CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
- TODO: check
+ NOT-FOR-US: Typo3
CVE-2021-41112
RESERVED
CVE-2021-41111
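Review bot: the label in both added lines is spelled "Typo3", while the descriptions of CVE-2021-41114 and CVE-2021-41113 right above them write the project name as "TYPO3". Use "NOT-FOR-US: TYPO3" so that a case-sensitive search of data/CVE/list for the product name matches the triage lines as well as the descriptions.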
@@ -2037,9 +2037,9 @@ CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions
CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
NOT-FOR-US: Discourse
CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...)
- TODO: check
+ NOT-FOR-US: Wire by Bund
CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...)
- TODO: check
+ NOT-FOR-US: Wire iOS
CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
TODO: check
CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
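Review bot: the two added labels, "Wire by Bund" for CVE-2021-41094 and "Wire iOS" for CVE-2021-41093, name a deployment and a platform respectively, although both descriptions start with the same product ("Wire is an open source secure messenger"). A consistent form that leads with the product name and puts the variant after it would keep the two entries together when NOT-FOR-US lines are searched by product.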
@@ -4825,33 +4825,33 @@ CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin
CVE-2021-39895
RESERVED
CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39892
RESERVED
CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39890
RESERVED
CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
- TODO: check
+ - gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...)
- TODO: check
+ - gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...)
- TODO: check
+ - gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
- TODO: check
+ - gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows subgroup ...)
- TODO: check
+ - gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
TODO: check
CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
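Review bot: for CVE-2021-39887 and CVE-2021-39886 the truncated descriptions visible here do not say whether the issue is in CE/EE or in EE only, unlike the neighbouring entries, so the "- gitlab <unfixed>" triage on those two cannot be confirmed from the diff. A short NOTE: line under each, stating the edition from the upstream advisory, would document why they are not grouped with the five entries marked "<not-affected> (Specific to Enterprise Edition)".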
@@ -4863,25 +4863,25 @@ CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 1
CVE-2021-39876
RESERVED
CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
- gitlab <unfixed>
CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
- gitlab <unfixed>
CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
- gitlab <unfixed>
CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
- gitlab <unfixed>
CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
CVE-2021-39864
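Review bot: CVE-2021-39872 is described as affecting GitLab CE/EE "since version 14.1" and CVE-2021-39875 "since version 13.6", yet both added lines are a plain "- gitlab <unfixed>" with no per-suite annotation. If any suite carries a gitlab version older than the stated starting version, it needs its own "[suite] - gitlab <not-affected> (...)" line with the reason; otherwise that suite will be reported as vulnerable.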
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258bbb9931bbeaa6df140b22199bc871da793463