[Git][security-tracker-team/security-tracker][master] 2 commits: new gitlab issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78a7a183 by Moritz Muehlenhoff at 2022-11-21T13:40:20+01:00
new gitlab issues

- - - - -
f31d24af by Moritz Muehlenhoff at 2022-11-21T13:49:50+01:00
two additional CVEs from August Nvidia advisory, copy over existing entries for older suites

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20240,7 +20240,7 @@ CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
 CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
 	- routinator <itp> (bug #929024)
 CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
@@ -21867,7 +21867,7 @@ CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal i
 CVE-2022-2827
 	RESERVED
 CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-38361
@@ -31714,9 +31714,43 @@ CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow v
 	[buster] - nvidia-cuda-toolkit <no-dsa> (Minor issue)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373
 CVE-2022-34666 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
-	TODO: check
+	- nvidia-graphics-drivers 470.141.03-1
+	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
+	[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported)
+	- nvidia-graphics-drivers-legacy-340xx <unfixed>
+	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+	- nvidia-graphics-drivers-legacy-390xx 390.154-1
+	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+	- nvidia-graphics-drivers-tesla-418 <unfixed>
+	[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
+	- nvidia-graphics-drivers-tesla-450 450.203.03-1
+	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
+	- nvidia-graphics-drivers-tesla-460 460.106.00-3
+	[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
+	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
+	- nvidia-graphics-drivers-tesla-470 470.141.03-1
+	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
+	- nvidia-graphics-drivers-tesla-510 510.85.02-1
 CVE-2022-34665 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
-	TODO: check
+	- nvidia-graphics-drivers 470.141.03-1
+	[bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
+	[buster] - nvidia-graphics-drivers <ignored> (Non-free not supported)
+	- nvidia-graphics-drivers-legacy-340xx <unfixed>
+	[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+	- nvidia-graphics-drivers-legacy-390xx 390.154-1
+	[bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+	[buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+	- nvidia-graphics-drivers-tesla-418 <unfixed>
+	[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
+	- nvidia-graphics-drivers-tesla-450 450.203.03-1
+	[bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
+	- nvidia-graphics-drivers-tesla-460 460.106.00-3
+	[bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
+	NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
+	- nvidia-graphics-drivers-tesla-470 470.141.03-1
+	[bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
+	- nvidia-graphics-drivers-tesla-510 510.85.02-1
 CVE-2022-34664
 	RESERVED
 CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4736cf4bc21ff490c1ef8fafd4f15638f5ff3d29...f31d24af95fd6c3933e507152be88b85d49902f8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4736cf4bc21ff490c1ef8fafd4f15638f5ff3d29...f31d24af95fd6c3933e507152be88b85d49902f8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221121/88af08bc/attachment.htm>