[Git][security-tracker-team/security-tracker][master] Update entry for CVE-2021-39939
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 14 18:54:00 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eedd7c94 by Salvatore Bonaccorso at 2022-02-14T19:52:50+01:00
Update entry for CVE-2021-39939
Associate it with gitlab-ci-multi-runner, as it is an issue in this
source package.
Mark it not-affected as the problematic code got introduced only after
version 13.3.1.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29746,10 +29746,9 @@ CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions
CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
- - gitlab <unfixed>
+ - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later)
NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
- NOTE: fix released in 14.3.4, 14.6 in experimental.
CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
- gitlab <unfixed>
CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
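Review bot: The new `<not-affected>` line for gitlab-ci-multi-runner under CVE-2021-39939 says only "(Vulnerable code introduced later)" and does not record when it was introduced. The "after version 13.3.1" reasoning lives only in the commit message. Consider adding a NOTE under the entry naming the upstream version or commit that introduced the problematic code, so the status can be rechecked when the package moves to a newer upstream release. The same change also drops "NOTE: fix released in 14.3.4, 14.6 in experimental.", which is the only place in the entry that recorded a fixed version. If that line was removed because it described the gitlab package rather than the runner, a replacement NOTE with the runner's fixed versions from the linked security release would keep that information next to the entry.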
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eedd7c947a7cbd42915ba0f33874ee903e6af510