[Git][security-tracker-team/security-tracker][master] Process batch of gitlab issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 5 10:19:05 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
31dafbc7 by Salvatore Bonaccorso at 2023-05-05T11:17:45+02:00
Process batch of gitlab issues
Temporarily all gitlab CVEs are still considered to be part of unstable,
as maintainer plan to reintroduce it after the bookworm release. Only
separate those as not-affected which are EE specific.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1481,7 +1481,7 @@ CVE-2023-2184
CVE-2023-2183
RESERVED
CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2023-2181
RESERVED
CVE-2023-2180
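Review bot: the "<not-affected> (Specific to EE)" line added for CVE-2023-2182 carries no reference backing the EE-only determination, and the description shown in this file is truncated at "affecting all versions start ...". Consider adding a NOTE line with the upstream advisory or issue reference so the classification can be re-checked later from the entry itself.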
@@ -2398,7 +2398,7 @@ CVE-2023-2071
CVE-2023-2070
RESERVED
CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-2068
RESERVED
CVE-2023-2067
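Review bot: the "- gitlab <unfixed>" line added for CVE-2023-2069 does not record that gitlab is only temporarily treated as part of unstable, which is the rationale given in the commit message. A short NOTE on the entry would keep that context in data/CVE/list and make these entries easy to find and revisit after the bookworm release.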
@@ -2964,7 +2964,7 @@ CVE-2023-1967 (Keysight N8844A Data Analytics Web Service deserializes untrusted
CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x contain ...)
NOT-FOR-US: Illumina
CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all versions start ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2023-30464
RESERVED
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
@@ -5944,7 +5944,7 @@ CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drive
CVE-2023-1837
RESERVED
CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-1835
RESERVED
CVE-2023-1834
@@ -10527,7 +10527,7 @@ CVE-2023-22434
CVE-2023-1266
RESERVED
CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
@@ -10832,7 +10832,7 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a fi
CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...)
NOT-FOR-US: NETGEAR
CVE-2023-1204 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
NOT-FOR-US: Devolutions
CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin User vault ...)
@@ -11424,7 +11424,7 @@ CVE-2023-27606
CVE-2023-27605
RESERVED
CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-27604
RESERVED
CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...)
@@ -16752,7 +16752,7 @@ CVE-2023-25692 (Improper Input Validation vulnerability in the Apache Airflow Go
CVE-2023-25691 (Improper Input Validation vulnerability in the Apache Airflow Google P ...)
NOT-FOR-US: Apache Airflow Google Provider
CVE-2023-0805 (An issue has been discovered in GitLab EE affecting all versions start ...)
- TODO: check
+ - gitlab <not-affected> (Specific to EE)
CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
{DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
@@ -17154,7 +17154,7 @@ CVE-2023-25177
CVE-2023-24014
RESERVED
CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
NOT-FOR-US: PTC
CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...)
@@ -20382,7 +20382,7 @@ CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not pro
CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
NOT-FOR-US: VitalPBX
CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions starting ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Block ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...)
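Review bot: the trailing context of this hunk ends on CVE-2023-0483, another GitLab issue directly below CVE-2023-0485, and its status line is outside the visible lines. Since this commit processes gitlab issues as a batch, please confirm that CVE-2023-0483 is already triaged and does not still carry a "TODO: check".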
@@ -25139,7 +25139,7 @@ CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does
CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...)
@@ -32748,7 +32748,7 @@ CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in
CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...)
NOT-FOR-US: S-CMS
CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
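Review bot: the description of CVE-2022-4376 reads "affecting all versions before 1 ...", so upstream names a fixed version, but the added "- gitlab <unfixed>" line does not say which one. A NOTE with the upstream fixed version would let the entry be resolved directly once the package is reintroduced.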
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dafbc7644c3583991a140b09e65750860b51cd