[Git][security-tracker-team/security-tracker][master] 4 commits: Add CVE-2022-3639/gitlab

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88603f8c by Salvatore Bonaccorso at 2022-10-22T21:16:32+02:00
Add CVE-2022-3639/gitlab

- - - - -
423e517a by Salvatore Bonaccorso at 2022-10-22T21:16:34+02:00
Add CVE-2022-3638/nginx

- - - - -
1839a54f by Salvatore Bonaccorso at 2022-10-22T21:16:35+02:00
Add CVE-2022-3637/bluez

- - - - -
7d7c8e9e by Salvatore Bonaccorso at 2022-10-22T21:16:37+02:00
Add CVE-2022-3636/linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -493,13 +493,18 @@ CVE-2022-3640 (A vulnerability, which was classified as critical, was found in L
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979
 CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-3638 (A vulnerability was found in Nginx and classified as problematic. This ...)
-	TODO: check
+	- nginx <not-affected> (Vulnerable code not present)
+	NOTE: http://hg.nginx.org/nginx/rev/0422365794f7
+	NOTE: Introduced by: https://github.com/nginx/nginx/commit/5178da4f94fbae1daec2800bc7fd74cd2923c5bd (release-1.23.1)
+	NOTE: Fixed by: https://github.com/nginx/nginx/commit/14341ce2377d38a268261e0fec65b6915ae6e95e (release-1.23.1)
 CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as probl ...)
-	TODO: check
+	- bluez 5.65-1
+	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (5.65)
 CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux  ...)
-	TODO: check
+	- linux <not-affected> (No vulnerable code in any upstream or Debian released version)
+	NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
 CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
 	TODO: check
 CVE-2022-3634



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd62ac22052c7dbf94e235670cc1e341b4345c62...7d7c8e9e56db4240ea9c4048c86eb8fbe9bd214d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd62ac22052c7dbf94e235670cc1e341b4345c62...7d7c8e9e56db4240ea9c4048c86eb8fbe9bd214d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221022/d6dd8725/attachment-0001.htm>