[Git][security-tracker-team/security-tracker][master] gitlab issues fixed in sid (more to investigate)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Dec 24 19:48:45 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7368f17 by Moritz Muehlenhoff at 2023-12-24T20:48:00+01:00
gitlab issues fixed in sid (more to investigate)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4738,7 +4738,7 @@ CVE-2023-4912 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-4317 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-49735 (** UNSUPPORTED WHEN ASSIGNED **  The value set as the DefaultLocaleRes ...)
 	- tiles <unfixed> (unimportant; bug #1057315)
 	NOTE: https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p
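Review bot: the `+	- gitlab 16.4.4+ds2-2` line for CVE-2023-4317 records the fixed version without any reference to the upstream fix, whereas the file's convention elsewhere in this same hunk (the NOTE line under CVE-2023-49735) is to carry a NOTE with the advisory URL. Consider adding a `NOTE:` line under the entry pointing at the GitLab release that closed CVE-2023-4317, so the version bump can be re-verified later without redoing the triage.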
@@ -4808,11 +4808,11 @@ CVE-2023-42916 (An out-of-bounds read was addressed with improved input validati
 	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
 	NOTE: https://webkitgtk.org/security/WSA-2023-0011.html
 CVE-2023-3964 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3949 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3443 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-39226 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao PMS 18.8 ...)
@@ -9427,13 +9427,13 @@ CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions
 CVE-2023-5600
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all versions start ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
 	NOT-FOR-US: pkp-lib
 CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
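Review bot: CVE-2023-5825 in the middle of this hunk keeps `- gitlab <unfixed>` while the surrounding CE/EE entries (CVE-2023-3246, CVE-2023-3909, CVE-2023-3399) move to 16.4.4+ds2-2. If that is the deliberate deferral the commit message alludes to ("more to investigate"), a short NOTE under the entry saying why it is held back would stop the next triager from reading it as an oversight.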
@@ -15268,7 +15268,7 @@ CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...)
 	NOT-FOR-US: Silabs
 CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...)
@@ -15286,7 +15286,7 @@ CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authe
 CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...)
 	NOT-FOR-US: Hospital management system
 CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
 	NOT-FOR-US: Zod
 CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
@@ -15342,13 +15342,13 @@ CVE-2023-43014 (Asset Management System v1.0 is vulnerable to  an Authenticated
 CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  unauthenticated SQL  ...)
 	NOT-FOR-US: Asset Management System
 CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab EE and ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior to 16 ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...)
@@ -19324,7 +19324,7 @@ CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a remote
 CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE at ...)
 	NOT-FOR-US: Lexmark
 CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-39714 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
 	NOT-FOR-US: Free and Open Source Inventory Management System
 CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
@@ -19377,19 +19377,19 @@ CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier,
 CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-4638
 	- gitlab <unfixed>
 CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-4378 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3915 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-40325
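Review bot: CVE-2023-4638 stays `- gitlab <unfixed>` and, unlike its neighbours, has no description text at all, so there is nothing in the file to say which GitLab release it belongs to. Since every other non-EE entry in this hunk is being bumped to 16.4.4+ds2-2, it is worth a NOTE recording what still needs checking, otherwise the entry is indistinguishable from one that was simply missed.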
@@ -19889,7 +19889,7 @@ CVE-2023-4526
 CVE-2023-4525
 	REJECTED
 CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions before 1 ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into clicking on ...)
 	NOT-FOR-US: PTC Codebeamer
 CVE-2023-41269
@@ -23833,7 +23833,7 @@ CVE-2023-3993 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2023-3994 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 16.0.8+ds1-1
 CVE-2023-3900 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-3500 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 16.0.8+ds1-1
 CVE-2023-3401 (An issue has been discovered in GitLab affecting all versions before 1 ...)
@@ -34986,9 +34986,9 @@ CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance Ev
 CVE-2023-2234 (Union variant confusion allows any malicious BT controller to execute  ...)
 	NOT-FOR-US: Zephyr
 CVE-2023-2233 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
 	NOT-FOR-US: MAXTECH
 CVE-2023-2230
@@ -41887,7 +41887,7 @@ CVE-2023-1557 (A vulnerability was found in SourceCodester E-Commerce System 1.0
 CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management System  ...)
 	NOT-FOR-US: SourceCodester Judging Management System
 CVE-2023-1555 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28730 (A memory corruption vulnerability Panasonic Control FPWIN Pro versions ...)
@@ -44604,7 +44604,7 @@ CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control inde
 CVE-2023-1280
 	RESERVED
 CVE-2023-1279 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: IBOS
 CVE-2023-1277 (A vulnerability, which was classified as critical, was found in kylin- ...)
@@ -45077,7 +45077,7 @@ CVE-2023-1212 (Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/
 CVE-2023-1211 (SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.)
 	- phpipam <itp> (bug #731713)
 CVE-2023-1210 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records ...)
 	NOT-FOR-US: ServiceNow
 CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary dat ...)
@@ -48794,7 +48794,7 @@ CVE-2023-0991
 CVE-2023-0990
 	RESERVED
 CVE-2023-0989 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester Online Pizza Ordering System
 CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -53358,7 +53358,7 @@ CVE-2023-0634
 CVE-2023-0633 (In Docker Desktop on Windows before 4.12.0 an argument injection to in ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2023-0632 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-0631 (The Paid Memberships Pro WordPress plugin before 2.9.12 does not preve ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0630 (The Slimstat Analytics WordPress plugin before 4.9.3.3 does not preven ...)
@@ -60037,7 +60037,7 @@ CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe
 CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...)
 	- gitlab 15.10.8+ds1-2
 CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions starting ...)
-	- gitlab <unfixed>
+	- gitlab 16.4.4+ds2-2
 CVE-2023-0119 (A stored Cross-site scripting vulnerability was found in foreman. The  ...)
 	- foreman <itp> (bug #663101)
 CVE-2023-0118 (An arbitrary code execution flaw was found in Foreman. This flaw allow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7368f1755d8b9ef1ac51c62b9730553abec453e
