[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 30 10:38:06 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a39868dd by Moritz Muehlenhoff at 2022-09-30T11:37:42+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -375,6 +375,7 @@ CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ..
 	NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
 CVE-2022-3351
 	RESERVED
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3350
 	RESERVED
 CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been classified  ...)
@@ -629,6 +630,7 @@ CVE-2022-3331
 	RESERVED
 CVE-2022-3330
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3329
 	RESERVED
 CVE-2022-30544
@@ -693,6 +695,7 @@ CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3325
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
 	- vim 2:9.0.0626-1
 	NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
@@ -1254,6 +1257,7 @@ CVE-2022-3294
 	RESERVED
 CVE-2022-3293
 	RESERVED
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-41336
@@ -1278,24 +1282,29 @@ CVE-2022-41327
 	RESERVED
 CVE-2022-3291
 	RESERVED
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3289
 	RESERVED
 CVE-2022-3288
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin  ...)
 	- fwupd 1.8.5-1
 	[bullseye] - fwupd <no-dsa> (Minor issue)
 	NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
 CVE-2022-3286
 	RESERVED
+	- gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3285
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3284
 	RESERVED
 CVE-2022-3283
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3282
 	RESERVED
 CVE-2022-41326
@@ -1320,6 +1329,7 @@ CVE-2022-3280
 	RESERVED
 CVE-2022-3279
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
 	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
@@ -6606,8 +6616,10 @@ CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
 CVE-2022-3067
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3066
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-3064
@@ -6679,6 +6691,7 @@ CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command
 	NOT-FOR-US: PowerCMS
 CVE-2022-3060
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3059
 	RESERVED
 CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
@@ -7334,6 +7347,7 @@ CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2
 	NOT-FOR-US: Nokia
 CVE-2022-3018
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
 	- froxlor <itp> (bug #581792)
 CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286. ...)
@@ -8385,6 +8399,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
 CVE-2022-2904
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2902
@@ -8600,6 +8615,7 @@ CVE-2022-2883
 	RESERVED
 CVE-2022-2882
 	RESERVED
+	- gitlab <unfixed>
 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either  ...)
 	- bind9 1:9.18.7-1
 	[bullseye] - bind9 <ignored> (Flawed code present in 9.16 but masked by the way the httpd objects are reset between messages)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39868ddd2967a62ffaea876a5f708f6125f3646

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39868ddd2967a62ffaea876a5f708f6125f3646
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220930/671ee415/attachment.htm>

More information about the debian-security-tracker-commits mailing list