Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a97d30e by Moritz Muehlenhoff at 2021-12-07T18:56:19+01:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,9 +18,9 @@ CVE-2021-44686 (calibre before 5.32.0 contains a regular 
expression that is vuln
        NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
        NOTE: 
https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348
 (v5.33.0)
 CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the 
Branches Aren' ...)
-       TODO: check
+       NOT-FOR-US: git-it
 CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. 
The ran ...)
-       TODO: check
+       NOT-FOR-US: naholyr github-todos
 CVE-2021-44683
        RESERVED
 CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault 
through 1 ...)
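
Review bot: The two NOT-FOR-US labels in this hunk use different naming forms: CVE-2021-44685 gets the bare project name "git-it", while CVE-2021-44684 gets author plus project, "naholyr github-todos". Settling on one form (and matching the "Git-it" spelling used in the CVE description) would make later searches of the list for either product more predictable.
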
@@ -14960,7 +14960,7 @@ CVE-2021-39892
 CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access 
tokens creat ...)
        - gitlab <unfixed>
 CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some 
specific  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an 
insecure di ...)
        - gitlab <not-affected> (Specific to Enterprise Edition)
 CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific 
API endpo ...)
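
Review bot: CVE-2021-39890 (2FA bypass for LDAP users) goes from "TODO: check" to "- gitlab <unfixed>" with no NOTE line giving the upstream reference or the affected version range. Other GitLab entries in this file, such as CVE-2021-22169, carry a NOTE with the upstream security release URL. Adding the equivalent here would let whoever later flips <unfixed> to a fixed version verify it without redoing the triage.
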
@@ -25319,7 +25319,6 @@ CVE-2021-35604 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed>
        - mysql-5.7 <removed>
        NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
-       TODO: clarify MariaDB 10.6 status
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
        {DSA-5012-1 DSA-5000-1 DLA-2814-1}
        - openjdk-17 17.0.1+12-1
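
Review bot: The line "TODO: clarify MariaDB 10.6 status" under CVE-2021-35604 is removed, but nothing in the entry records what the answer was. The remaining NOTE still lists only 10.5.13 and 10.3.32. Either extend that NOTE with the 10.6 result or state the outcome in the commit message, which currently mentions only "new gitlab issues" and "NFUs" and does not cover this change.
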
@@ -54824,7 +54823,7 @@ CVE-2021-23760
 CVE-2021-23759
        RESERVED
 CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to 
Deserialization of ...)
-       TODO: check
+       NOT-FOR-US: ajaxpro
 CVE-2021-23757
        RESERVED
 CVE-2021-23756
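
Review bot: The CVE-2021-23758 description names the package "ajaxpro.2", but the new label is "NOT-FOR-US: ajaxpro". Using the package name as given in the description would keep an exact-match search for "ajaxpro.2" landing on this triage decision.
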
@@ -55216,7 +55215,7 @@ CVE-2021-23564
 CVE-2021-23563
        RESERVED
 CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name 
containing ...)
-       TODO: check
+       NOT-FOR-US: Node plupload
 CVE-2021-23561
        RESERVED
 CVE-2021-23560
@@ -58422,7 +58421,7 @@ CVE-2021-22171 (Insufficient validation of 
authentication parameters in GitLab P
        [experimental] - gitlab 13.6.6-1
        - gitlab <unfixed>
 CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ 
allows  ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which 
leaked intern ...)
        - gitlab <not-affected> (Specific to EE)
        NOTE: 
https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
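
Review bot: CVE-2021-22170 is marked only "- gitlab <unfixed>", while the neighbouring CVE-2021-22171 entry also carries "[experimental] - gitlab 13.6.6-1". Was the experimental upload checked for this issue as well? If it is covered, the entry should get the same [experimental] line. Either way, a NOTE with the upstream reference would document why the nonce reuse issue is tracked as unfixed.
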



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a97d30e3e46d65fdf85cb7c5a5f36197a173794
