[Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 30 10:38:06 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a39868dd by Moritz Muehlenhoff at 2022-09-30T11:37:42+02:00
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -375,6 +375,7 @@ CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ..
NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
CVE-2022-3351
RESERVED
+ - gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3350
RESERVED
CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been classified ...)
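Review bot: the "<not-affected>" line added under CVE-2022-3351 gives its reason only as free text, and the CVE is still RESERVED, so nothing in the entry lets a reader verify that the issue is EE-only. Add a NOTE: line pointing at the upstream advisory the assessment came from, and spell the product "GitLab EE" in the parenthetical.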
@@ -629,6 +630,7 @@ CVE-2022-3331
RESERVED
CVE-2022-3330
RESERVED
+ - gitlab <unfixed>
CVE-2022-3329
RESERVED
CVE-2022-30544
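Review bot: "- gitlab <unfixed>" under CVE-2022-3330 is the only information recorded for that ID, which is still RESERVED with no description. A NOTE: line naming the upstream source and the upstream version carrying the fix would tell whoever later closes the entry which release to compare against.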
@@ -693,6 +695,7 @@ CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb
- rdiffweb <itp> (bug #969974)
CVE-2022-3325
RESERVED
+ - gitlab <unfixed>
CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
- vim 2:9.0.0626-1
NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
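Review bot: the "<unfixed>" entry added under CVE-2022-3325 carries no bug reference, while the rdiffweb entry in the same hunk's context does ("(bug #969974)"). If a Debian bug exists or gets filed for this GitLab batch, append it here in the same "(bug #...)" form so the tracker links the two.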
@@ -1254,6 +1257,7 @@ CVE-2022-3294
RESERVED
CVE-2022-3293
RESERVED
+ - gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-41336
@@ -1278,24 +1282,29 @@ CVE-2022-41327
RESERVED
CVE-2022-3291
RESERVED
+ - gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3289
RESERVED
CVE-2022-3288
RESERVED
+ - gitlab <unfixed>
CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...)
- fwupd 1.8.5-1
[bullseye] - fwupd <no-dsa> (Minor issue)
NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
CVE-2022-3286
RESERVED
+ - gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3285
RESERVED
+ - gitlab <unfixed>
CVE-2022-3284
RESERVED
CVE-2022-3283
RESERVED
+ - gitlab <unfixed>
CVE-2022-3282
RESERVED
CVE-2022-41326
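Review bot: in this hunk CVE-2022-3289 and CVE-2022-3284 sit between the newly annotated IDs and stay bare RESERVED, while CVE-2022-3291, 3288, 3286, 3285 and 3283 all gain gitlab lines. Please confirm the two skipped IDs are not part of the same GitLab advisory; if they are, they need a "- gitlab ..." line as well.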
@@ -1320,6 +1329,7 @@ CVE-2022-3280
RESERVED
CVE-2022-3279
RESERVED
+ - gitlab <unfixed>
CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
- vim 2:9.0.0626-1 (unimportant)
NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
@@ -6606,8 +6616,10 @@ CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
CVE-2022-3067
RESERVED
+ - gitlab <unfixed>
CVE-2022-3066
RESERVED
+ - gitlab <unfixed>
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3064
@@ -6679,6 +6691,7 @@ CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command
NOT-FOR-US: PowerCMS
CVE-2022-3060
RESERVED
+ - gitlab <unfixed>
CVE-2022-3059
RESERVED
CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
@@ -7334,6 +7347,7 @@ CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2
NOT-FOR-US: Nokia
CVE-2022-3018
RESERVED
+ - gitlab <unfixed>
CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
- froxlor <itp> (bug #581792)
CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286. ...)
@@ -8385,6 +8399,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's
NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
CVE-2022-2904
RESERVED
+ - gitlab <unfixed>
CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2902
@@ -8600,6 +8615,7 @@ CVE-2022-2883
RESERVED
CVE-2022-2882
RESERVED
+ - gitlab <unfixed>
CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
- bind9 1:9.18.7-1
[bullseye] - bind9 <ignored> (Flawed code present in 9.16 but masked by the way the httpd objects are reset between messages)
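Review bot: the "- gitlab <unfixed>" line under CVE-2022-2882 has no per-release annotation, unlike the bind9 entry just below it ("[bullseye] - bind9 <ignored> (...)"). If gitlab is present in any released suite, add the matching "[suite] - gitlab ..." line so the status for that suite is explicit rather than inherited from unstable.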
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39868ddd2967a62ffaea876a5f708f6125f3646