[Git][security-tracker-team/security-tracker][master] gitlab fixes in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Apr 20 12:21:14 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37cbb2b5 by Moritz Muehlenhoff at 2025-04-20T13:20:43+02:00
gitlab fixes in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40945,7 +40945,7 @@ CVE-2024-9678 (An SQL Injection vulnerability existed in DLP Extension 11.11.1.3
 CVE-2024-8798 (No proper validation of the length of user input in olcp_ind_handler i ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-8650 (An issue was discovered in GitLab CE/EE affecting all versions from 15 ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-8116 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab 17.5.5-1
 CVE-2024-5333 (The Events Calendar WordPress plugin before 6.8.2.1 is missing access  ...)
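Review bot: The CVE-2024-8650 entry now records 17.5.5-1 as the fixed version, but neither the entry nor the commit message ("gitlab fixes in sid") says where that version comes from. A NOTE line under the entry pointing to the upstream advisory or fix, in the style of the NOTE line used for the linux entry elsewhere in this file, would let a later reader verify the version without redoing the triage.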
@@ -41668,9 +41668,9 @@ CVE-2024-9387 (An issue was discovered in GitLab CE/EE affecting all versions fr
 CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	- gitlab <unfixed>
 CVE-2024-8647 (An issue was discovered in GitLab affecting all versions starting 15.2 ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab 17.5.5-1
 CVE-2024-55888 (Hush Line is an open-source whistleblower management system. Starting  ...)
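Review bot: CVE-2024-9367 at the top of this hunk stays at "- gitlab <unfixed>" while CVE-2024-8647 and CVE-2024-8233 directly below it move to 17.5.5-1. If 17.5.5-1 does not contain that fix, leaving it is correct. Otherwise the entry looks skipped and should be updated in the same commit.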
@@ -45999,7 +45999,7 @@ CVE-2024-8899 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensi
 CVE-2024-8676 (A vulnerability was found in CRI-O, where it can be requested to take  ...)
 	- cri-o <itp> (bug #979702)
 CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab CE/EE af ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
@@ -49806,7 +49806,7 @@ CVE-2024-9633 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2024-9472 (A null pointer dereference in Palo Alto Networks PAN-OS software on PA ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-8648 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
-	- gitlab <unfixed>
+	- gitlab 17.5.5-1
 CVE-2024-8180 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2024-7787 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -60959,7 +60959,7 @@ CVE-2024-9046 (A DLL hijack vulnerability was reported in Lenovo stARstudio that
 CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
 	NOT-FOR-US: Schneider
 CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-3
 CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an unauthori ...)
@@ -64378,7 +64378,7 @@ CVE-2024-9029 (A flaw was found in the freeimage library. Processing a crafted i
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8974 (Information disclosure in Gitlab EE/CE affecting all versions from 15. ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-3
 CVE-2024-8965 (The Absolute Reviews plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8922 (The Product Enquiry for WooCommerce, WooCommerce product catalog plugi ...)
@@ -67248,7 +67248,7 @@ CVE-2024-46673 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.10.9-1
 	NOTE: https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)
 CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all versions fr ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-3
 CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This ...)
 	NOT-FOR-US: idoit pro
 CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This vulnerabilit ...)
@@ -67274,7 +67274,7 @@ CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted extension
 CVE-2024-8694 (A vulnerability, which was classified as problematic, was found in JFi ...)
 	NOT-FOR-US: JFinalCMS
 CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-8640 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-8635 (A server-side request forgery issue has been discovered in GitLab EE a ...)
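Review bot: CVE-2024-8641 is marked fixed in 17.3.5-2, while the other 17.3.x entries touched by this commit (CVE-2024-8970, CVE-2024-8974, CVE-2024-8754) use 17.3.5-3. Please confirm that the -2 revision is intended and not a typo for -3, since nothing in the entry or the commit message explains the difference.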



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37cbb2b53fe364307db288927dcad7dc353bd5c2
