[Git][security-tracker-team/security-tracker][master] more gitlab issues fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8958b72 by Moritz Muehlenhoff at 2025-01-31T10:00:24+01:00
more gitlab issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47615,7 +47615,7 @@ CVE-2024-37382 (An issue discovered in import host feature in Ab Initio Metadata
 CVE-2024-37023 (Multiple OS command injection vulnerabilities affecting Vonets    indu ...)
 	NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge repeaters
 CVE-2024-2800 (ReDoS flaw in RefMatcher when matching branch names using wildcards in ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/451293
 	NOTE: https://hackerone.com/reports/2416332
 CVE-2024-29082 (Improper access control vulnerability affecting Vonets   industrial wi ...)
@@ -55633,7 +55633,7 @@ CVE-2024-30061 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vuln
 CVE-2024-30013 (Windows MultiPoint Services Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-2177 (A Cross Window Forgery vulnerability exists within GitLab CE/EE affect ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-29153 (A vulnerability was discovered in Samsung Mobile Processor, Wearable P ...)
 	NOT-FOR-US: Siemens
 CVE-2024-28928 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
@@ -57912,7 +57912,7 @@ CVE-2024-37247 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-36829 (Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers ...)
 	NOT-FOR-US: Teldat M1
 CVE-2024-2191 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-28984 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 10 ...)
 	NOT-FOR-US: Hitachi
 CVE-2024-28983 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 10 ...)
@@ -74805,9 +74805,9 @@ CVE-2024-32672 (A Segmentation Fault issue discovered in   Samsung Open Source E
 CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source escargo ...)
 	NOT-FOR-US: Samsung
 CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...)
 	NOT-FOR-US: Wind River
 CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...)
@@ -84339,7 +84339,7 @@ CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in th
 CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	- gitlab <unfixed>
+	- gitlab 17.3.5-2
 CVE-2023-6489 (A denial of service vulnerability was identified in GitLab CE/EE, vers ...)
 	- gitlab 17.3.5-2
 CVE-2023-6678 (An issue has been discovered in GitLab EE affecting all versions befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8958b723315f342fe524e9eb5b2a23b01f2f776

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8958b723315f342fe524e9eb5b2a23b01f2f776
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250131/26a89a3a/attachment-0001.htm>