[Git][security-tracker-team/security-tracker][master] Track some new gitlab CVEs

Thu Jun 2 20:25:16 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fb11d16 by Salvatore Bonaccorso at 2022-06-02T21:14:38+02:00
Track some new gitlab CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -915,6 +915,8 @@ CVE-2022-31814
 	RESERVED
 CVE-2022-1948
 	RESERVED
+	- gitlab <not-affected> (Vulnerable code introduced later)
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1946
@@ -951,6 +953,9 @@ CVE-2022-1945
 	RESERVED
 CVE-2022-1944
 	RESERVED
+	[experimental] - gitlab 14.9.5+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system  ...)
 	- linux 5.17.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -968,6 +973,8 @@ CVE-2022-1941
 	RESERVED
 CVE-2022-1940
 	RESERVED
+	- gitlab <not-affected> (Vulnerable code introduced later)
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1939
 	RESERVED
 CVE-2022-1938
@@ -1007,8 +1014,14 @@ CVE-2022-31797
 	RESERVED
 CVE-2022-1936
 	RESERVED
+	[experimental] - gitlab 14.9.5+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1935
 	RESERVED
+	[experimental] - gitlab 14.9.5+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2. ...)
 	- mruby <undetermined>
 	NOTE: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f/
@@ -2582,6 +2595,9 @@ CVE-2022-1822
 	RESERVED
 CVE-2022-1821
 	RESERVED
+	[experimental] - gitlab 14.9.5+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1820
 	RESERVED
 CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
@@ -3284,6 +3300,8 @@ CVE-2022-1784 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/dr
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1783
 	RESERVED
+	- gitlab <not-affected> (Vulnerable code introduced later)
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
 	NOT-FOR-US: erudika/para
 CVE-2022-1781
@@ -4448,6 +4466,9 @@ CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confus
 	NOT-FOR-US: Foxit PDF Reader and PDF Editor
 CVE-2022-1680
 	RESERVED
+	[experimental] - gitlab 14.9.5+ds1-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel’s Atheros wi ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fb11d1653c56bd573553fd5e1e54482dd7105d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fb11d1653c56bd573553fd5e1e54482dd7105d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220602/493930b3/attachment.htm>
