[Git][security-tracker-team/security-tracker][master] auto-nfu: Add gitlab

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 12 10:02:02 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45a80eb5 by Moritz Muehlenhoff at 2026-06-12T11:00:46+02:00
auto-nfu: Add gitlab

Gitlab has been removed from unstable, was never part of a stable release
and will never come back. As such there's no good reason to track it as
<removed>, so to reduce toil also track it as NFU via the CNA.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -547,7 +547,7 @@ CVE-2026-40986 (Spring Web Flow's JavaScript RemotingHandler renders the body of
 CVE-2026-40985 (Applications that configure the WebFlowELExpressionParser are vulnerab ...)
 	TODO: check
 CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)
 CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct credential-gu ...)
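
Review bot: The `-` line under CVE-2026-3553 (and the ones in the later hunks of this file) replaces `TODO: check`, while the commit message is about no longer tracking GitLab as `<removed>`; nothing in this diff touches an entry that was tracked that way. Please state in the commit message whether existing GitLab entries tracked as `<removed>` stay as they are or get converted in a follow-up, so the list does not carry two conventions for the same product without explanation.
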
@@ -559,7 +559,7 @@ CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to Stored Cro ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1500 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)
 CVE-2026-11986 (A flaw was found in the admin-ui-ext component of Keycloak, which prov ...)
 	TODO: check
 CVE-2026-11956 (A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the f ...)
@@ -583,11 +583,11 @@ CVE-2026-10847 (A local privilege escalation vulnerability exists in Check Point
 CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-10733 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
-	TODO: check
+	NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)
 CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service vulnerability ...)
 	TODO: check
 CVE-2026-10087 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
-	TODO: check
+	NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)
 CVE-2026-0274 (An improper validation of credentials vulnerability in the CommvaultSe ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0273 (A command injection vulnerability in Palo Alto Networks PAN-OS\xae sof ...)
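
Review bot: On CVE-2026-10087 the description reads "GitLab EE", not "GitLab CE/EE" as on CVE-2026-10733 just above it, yet it receives the same `src:gitlab` reason. That is consistent with marking by product, but a short remark in the commit message that EE-only issues are meant to fall under the same reason would save a second look when someone audits these entries later.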


=====================================
data/packages/nfu.yaml
=====================================
@@ -113,6 +113,8 @@
   cna: GE_Vernova
 - reason: Github Enterprise Server
   cna: GitHub_P
+- reason: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)
+  cna: GitLab
 - reason: Google devices
   cna: Google_Devices
 - reason: Hanwha Vision
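
Review bot: The new entry keys on `cna: GitLab` alone, so its reason is attached to every CVE that CNA assigns, whatever product the description names. If that CNA ever assigns an ID for software other than GitLab itself, the entry would be marked NOT-FOR-US with a reason that talks about `src:gitlab`. Suggest a comment line above the entry, or a sentence in the commit message, that states this assumption and that such cases need a manual check.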



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45a80eb5591a4d421aefd4de44901a5801cc5cbb
