[Git][security-tracker-team/security-tracker][master] record gitlab fixes in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Apr 4 19:48:54 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee52cff6 by Moritz Muehlenhoff at 2025-04-04T20:48:16+02:00
record gitlab fixes in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18174,7 +18174,7 @@ CVE-2025-0108 (An authentication bypass in the Palo Alto Networks PAN-OS softwar
 CVE-2024-8266 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	- gitlab <unfixed>
 CVE-2024-7102 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-57605 (Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 ...)
 	NOT-FOR-US: Daylight Studio Fuel CMS
 CVE-2024-57604 (An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to e ...)
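Review bot: CVE-2024-8266, the context entry directly above CVE-2024-7102, stays at `- gitlab <unfixed>` while its neighbour moves to 17.5.5-1; the same holds for CVE-2024-8650 and CVE-2024-8233 in the next two hunks. If the upload that fixed the changed entries also covers these, they should be updated in this commit; if not, a NOTE line under each saying it was checked and is still open would keep the asymmetry from reading as an omission.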
@@ -35272,7 +35272,7 @@ CVE-2024-8798 (No proper validation of the length of user input in olcp_ind_hand
 CVE-2024-8650 (An issue was discovered in GitLab CE/EE affecting all versions from 15 ...)
 	- gitlab <unfixed>
 CVE-2024-8116 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-5333 (The Events Calendar WordPress plugin before 6.8.2.1 is missing access  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-56112 (CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or us ...)
@@ -35997,7 +35997,7 @@ CVE-2024-8647 (An issue was discovered in GitLab affecting all versions starting
 CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-55888 (Hush Line is an open-source whistleblower management system. Starting  ...)
 	NOT-FOR-US: Hush Line
 CVE-2024-55886 (OpenSearch Data Prepper is a component of the OpenSearch project that  ...)
@@ -40327,9 +40327,9 @@ CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab CE/
 CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-8114 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-53976 (Under certain circumstances, navigating to a webpage would result in t ...)
 	- firefox <not-affected> (Specific to Firefox on iOS)
 CVE-2024-53975 (Accessing a non-secure HTTP site that uses a non-existent port may cau ...)
@@ -61602,7 +61602,7 @@ CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress i
 CVE-2024-8311 (An issue was discovered with pipeline execution policies in GitLab EE  ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not escape th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF ...)
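Review bot: From this hunk on the recorded fixed version is 17.3.5-2, whereas the earlier hunks record 17.5.5-1, and the commit message "record gitlab fixes in sid" does not say that two uploads are involved. Suggest naming both versions in the commit message so a reader can tell the split is intentional and not a typo in one group of entries.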
@@ -65770,7 +65770,7 @@ CVE-2024-8076 (A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B2023
 CVE-2024-8075 (A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862_B2023 ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-8041 (A Denial of Service (DoS) issue has been discovered in GitLab CE/EE af ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-7848 (The User Private Files \u2013 WordPress File Sharing Plugin plugin for ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7778 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
@@ -69696,10 +69696,10 @@ CVE-2024-0113 (NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vuln
 CVE-2024-7557 (A vulnerability was found in OpenShift AI that allows for authenticati ...)
 	NOT-FOR-US: OpenShift
 CVE-2024-7610 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/468917
 CVE-2024-7554 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/471555
 CVE-2024-7490 (Improper Input Validation vulnerability in Microchip Techology Advance ...)
 	NOT-FOR-US: Microchip
@@ -73558,15 +73558,15 @@ CVE-2024-1724 (In snapd versions prior to 2.62, when using AppArmor for enforcem
 CVE-2023-7271 (Privilege escalation vulnerability in the NMS module Impact: Successfu ...)
 	NOT-FOR-US: Huawei
 CVE-2024-7091 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-7081 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
 	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-7060 (An information disclosure vulnerability in GitLab CE/EE in project/gro ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-7057 (An information disclosure vulnerability in GitLab CE/EE affecting all  ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-7047 (A cross site scripting vulnerability exists in GitLab CE/EE affecting  ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-6972 (In affected versions of Octopus Server under certain circumstances it  ...)
 	NOT-FOR-US: Octopus Server
 CVE-2024-5067 (An issue was discovered in GitLab EE affecting all versions starting f ...)
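Review bot: The four entries changed here (CVE-2024-7091, CVE-2024-7060, CVE-2024-7057, CVE-2024-7047) get a fixed version with no NOTE line, while CVE-2024-7610 and CVE-2024-7554 in the previous hunk each carry a `NOTE:` with the upstream GitLab issue. Suggest adding the matching upstream issue reference under each of the four so the 17.3.5-2 claim can be checked against upstream.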



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee52cff617c3553d34db5b05c8365693cd7eccca
