[Git][security-tracker-team/security-tracker][master] Add some new gitlab CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 31 06:15:03 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83049c83 by Salvatore Bonaccorso at 2022-08-31T07:14:25+02:00
Add some new gitlab CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -589,6 +589,9 @@ CVE-2022-3032
 	RESERVED
 CVE-2022-3031
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-3030
 	RESERVED
 CVE-2022-3029
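Review bot: The fixed version on the added "[experimental] - gitlab 15.2.3+ds1-1" line under CVE-2022-3031 is lower than the release named in the NOTE URL ("...gitlab-15-3-2-released"), and nothing in the entry explains why 15.2.3+ds1-1 counts as fixed. If the experimental upload carries the fix as a backported patch, or matches a 15.2.x release covered by the same advisory, state that in a second NOTE line; otherwise re-check the version before the tracker reports experimental as fixed.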
@@ -787,6 +790,9 @@ CVE-2022-2993
 	RESERVED
 CVE-2022-2992
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM  ...)
 	- linux 5.15.3-1 (unimportant)
 	[bullseye] - linux 5.10.120-1
@@ -1153,6 +1159,9 @@ CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustl
 	NOT-FOR-US: Mobiledoc Kit
 CVE-2022-2931
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...)
 	- octoprint <itp> (bug #718591)
 CVE-2022-2929
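Review bot: The added "- gitlab <unfixed>" line under CVE-2022-2931 carries no bug reference, unlike the "- octoprint <itp> (bug #718591)" entry just below it in this hunk. If a Debian bug is open against gitlab for this advisory, appending it in the same "(bug #...)" form lets the unstable status be followed from the tracker entry.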
@@ -1624,8 +1633,14 @@ CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exme
 	NOT-FOR-US: Exment
 CVE-2022-2908
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2907
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2906
 	RESERVED
 CVE-2022-2905
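Review bot: CVE-2022-2908 and CVE-2022-2907 receive the same three lines in this hunk, and with both still marked RESERVED the only pointer is the release-post URL that every other entry in the commit also uses. A further NOTE per entry naming the item of that post the CVE maps to (its title or upstream issue) would make a mis-assigned ID noticeable in review and keep the entries distinguishable until the descriptions are published.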
@@ -1926,6 +1941,9 @@ CVE-2022-2866
 	RESERVED
 CVE-2022-2865
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2864
 	RESERVED
 CVE-2022-2863
@@ -4632,6 +4650,9 @@ CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prio
 	NOT-FOR-US: ToolJet
 CVE-2022-2630
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2629
 	RESERVED
 CVE-2022-2628
@@ -5365,6 +5386,9 @@ CVE-2022-37041 (An issue was discovered in ProxyServlet.java in the /proxy servl
 	NOT-FOR-US: Zimbra
 CVE-2022-2592
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2591 (A vulnerability classified as critical has been found in TEM FLEX-1085 ...)
 	NOT-FOR-US: TEM
 CVE-2022-37040
@@ -6789,6 +6813,9 @@ CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 CVE-2022-2533
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -6821,6 +6848,9 @@ CVE-2022-36430
 	RESERVED
 CVE-2022-2527
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...)
 	- gdk-pixbuf 2.42.8+dfsg-1
 	[buster] - gdk-pixbuf <not-affected> (Vulnerable code not present; GIF animation support added later)
@@ -7725,6 +7755,9 @@ CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11
 	NOT-FOR-US: HashiCorp Vault
 CVE-2022-2455
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-36128
 	RESERVED
 CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The  ...)
@@ -8326,6 +8359,9 @@ CVE-2022-2429
 	RESERVED
 CVE-2022-2428
 	RESERVED
+	[experimental] - gitlab 15.2.3+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-2427
 	RESERVED
 CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitis ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83049c833badfe4f103ea27580aa4c9e3e5ffe4c


More information about the debian-security-tracker-commits mailing list