[Git][security-tracker-team/security-tracker][master] more gitlab issues fixed

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 29 19:18:09 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64b4379b by Moritz Muehlenhoff at 2025-01-29T20:18:00+01:00
more gitlab issues fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50855,7 +50855,7 @@ CVE-2024-41459 (Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based b
 CVE-2024-41136 (An authenticated command injection vulnerability exists in the HPE Aru ...)
 	NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateways
 CVE-2024-0231 (A resource misdirection vulnerability in GitLab CE/EE versions 12.0 pr ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-41091 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	{DSA-5747-1 DLA-4008-1}
 	- linux 6.9.12-1
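Review bot: The CVE-2024-0231 entry goes from `<unfixed>` to `17.3.5-2` with no NOTE line naming the upstream release or advisory the version was checked against, so the fixed version cannot be verified from the file itself. Consider adding a NOTE with the upstream patch-release URL, as the CVE-2024-1947 entry further down in this diff already carries.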
@@ -57411,9 +57411,9 @@ CVE-2024-22231 (Syndic cache directory creation is vulnerable to a directory tra
 CVE-2024-1839 (Intrado 911 Emergency Gateway login form is vulnerable to an unauthent ...)
 	NOT-FOR-US: Intrado 911 Emergency Gateway
 CVE-2024-1816 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-1493 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-1330 (The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-XXXX [RUSTSEC-2024-0345]
@@ -61527,11 +61527,11 @@ CVE-2024-20784 (Adobe Experience Manager versions 6.5.20 and earlier are affecte
 CVE-2024-20769 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2024-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-1736 (An issue has been discovered in GitLab CE/EE affecting all versions pr ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-1495 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2023-52890 (NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in l ...)
 	- ntfs-3g 1:2022.10.3-3 (bug #1073248)
 	[bookworm] - ntfs-3g 1:2022.10.3-1+deb12u1
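Review bot: CVE-2024-1963, CVE-2024-1736 and CVE-2024-1495 all receive the same fixed version `17.3.5-2` in this hunk, and the commit message ("more gitlab issues fixed") does not say how that version was established. Recording the basis in the commit message, or in a NOTE per entry, would make the change auditable later.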
@@ -66922,7 +66922,7 @@ CVE-2024-36011 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d2706004a1b8b526592e823d7e52551b518a7941 (6.9)
 CVE-2024-1947 (A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
 CVE-2023-6502 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
 	- gitlab 17.3.5-2
@@ -79854,7 +79854,7 @@ CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec
 CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google Analytic ...)
 	NOT-FOR-US: MonsterInsights Google Analytics
 CVE-2023-51484 (Improper Authentication vulnerability in wp-buy Login as User or Custo ...)
@@ -99028,7 +99028,7 @@ CVE-2024-0861 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2023-4895 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-1525 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2023-6477 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-1451 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
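Review bot: The last context line, CVE-2024-1451, is also a GitLab CE/EE issue, and its status line falls outside the hunk. If it still reads `- gitlab <unfixed>`, check whether it belongs in this batch with the other CE/EE entries updated here.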



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64b4379b60afbd83aa872f00f2fd91af1810a54a
