[Git][security-tracker-team/security-tracker][master] more gitlab issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Dec 24 22:38:48 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
156430c8 by Moritz Muehlenhoff at 2023-12-24T23:37:26+01:00
more gitlab issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2240,11 +2240,11 @@ CVE-2023-3511 (An issue has been discovered in GitLab EE affecting all versions
CVE-2023-3907 (A privilege escalation vulnerability in GitLab EE affecting all versio ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-5061 (An issue has been discovered in GitLab affecting all versions starting ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5512 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-6051 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-6680 (An improper certificate validation issue in Smartcard authentication i ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-6564
@@ -4724,7 +4724,7 @@ CVE-2023-6442 (A vulnerability was found in PHPGurukul Nipah Virus Testing Manag
CVE-2023-6440 (A vulnerability was found in SourceCodester Book Borrower System 1.0 a ...)
NOT-FOR-US: SourceCodester
CVE-2023-6033 (Improper neutralization of input in Jira integration configuration in ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5995 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-5915 (A vulnerability of Uncontrolled Resource Consumption has been identifi ...)
@@ -4734,7 +4734,7 @@ CVE-2023-5909 (KEPServerEX does not properly validate certificates from clients
CVE-2023-5908 (KEPServerEX is vulnerable to a buffer overflow which may allow an atta ...)
NOT-FOR-US: KEPServerEX
CVE-2023-5226 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-4912 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -9423,7 +9423,7 @@ CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before
- python-django <not-affected> (Only an issue on windows)
NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions from ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-5600
@@ -9433,7 +9433,7 @@ CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versio
CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 16.4.4+ds2-2
CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab 16.4.4+ds2-2
CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
@@ -15108,7 +15108,7 @@ CVE-2023-5301 (A vulnerability classified as critical was found in DedeCMS 5.7.1
CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlanning u ...)
NOT-FOR-US: TTSPlanning
CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...)
{DSA-5518-1 DLA-3598-1}
- libvpx 1.12.0-1.2
@@ -15281,7 +15281,7 @@ CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible f
CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...)
NOT-FOR-US: Gym Management System Project
CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...)
@@ -16979,7 +16979,7 @@ CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC
CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
NOT-FOR-US: Nozomi Networks Guardian and CMC
CVE-2023-4998
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
NOT-FOR-US: LibreNMS
CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to unauthent ...)
@@ -19388,7 +19388,7 @@ CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions sta
CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 16.4.4+ds2-2
CVE-2023-4638
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 16.4.4+ds2-2
CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156430c88c0cdc9dddada6bd591605717bcc5b19
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156430c88c0cdc9dddada6bd591605717bcc5b19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231224/04e4b642/attachment.htm>
More information about the debian-security-tracker-commits
mailing list