Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a39868dd by Moritz Muehlenhoff at 2022-09-30T11:37:42+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -375,6 +375,7 @@ CVE-2022-3352 (Use After Free in GitHub repository vim/vim 
prior to 9.0.0614. ..
        NOTE: 
https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 
(v9.0.0614)
 CVE-2022-3351
        RESERVED
+       - gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3350
        RESERVED
 CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been 
classified  ...)
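Review bot: The reason given on the added line under CVE-2022-3351, "(Only affects Gitlab EE)", has no source attached, and the entry is still RESERVED, so the claim cannot be checked from this file. Add a NOTE: line pointing at the upstream issue or release announcement the EE-only assessment was taken from. The same applies to the other `<not-affected>` lines in this commit. The product name is also spelled "GitLab".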
@@ -629,6 +630,7 @@ CVE-2022-3331
        RESERVED
 CVE-2022-3330
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3329
        RESERVED
 CVE-2022-30544
@@ -693,6 +695,7 @@ CVE-2022-3326 (Weak Password Requirements in GitHub 
repository ikus060/rdiffweb
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3325
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
        - vim 2:9.0.0626-1
        NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
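Review bot: The `- gitlab <unfixed>` line added under CVE-2022-3325 is the only information on an entry that is still RESERVED, while both neighbours in this hunk are traceable: the rdiffweb line carries `(bug #969974)` and the vim entry carries a NOTE: with a URL. Add a NOTE: with the upstream reference so that whoever later marks a fixed version can find what the issue is and where it was fixed.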
@@ -1254,6 +1257,7 @@ CVE-2022-3294
        RESERVED
 CVE-2022-3293
        RESERVED
+       - gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub 
repository iku ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-41336
@@ -1278,24 +1282,29 @@ CVE-2022-41327
        RESERVED
 CVE-2022-3291
        RESERVED
+       - gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub 
reposito ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3289
        RESERVED
 CVE-2022-3288
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish 
plugin  ...)
        - fwupd 1.8.5-1
        [bullseye] - fwupd <no-dsa> (Minor issue)
        NOTE: 
https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 
(1.8.5)
 CVE-2022-3286
        RESERVED
+       - gitlab <not-affected> (Only affects Gitlab EE)
 CVE-2022-3285
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3284
        RESERVED
 CVE-2022-3283
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3282
        RESERVED
 CVE-2022-41326
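Review bot: The three `<unfixed>` lines added in this hunk (CVE-2022-3288, CVE-2022-3285, CVE-2022-3283) sit next to two `<not-affected>` lines (CVE-2022-3291, CVE-2022-3286), and nothing in the hunk or in the commit message "new gitlab issues" says how the affected and EE-only cases were told apart while all five entries are RESERVED. Record the basis per entry in a NOTE: line. If any of the unfixed ones need suite-specific handling, add it in the form the fwupd entry here uses, `[bullseye] - fwupd <no-dsa> (Minor issue)`.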
@@ -1320,6 +1329,7 @@ CVE-2022-3280
        RESERVED
 CVE-2022-3279
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.055 ...)
        - vim 2:9.0.0626-1 (unimportant)
        NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
@@ -6606,8 +6616,10 @@ CVE-2022-39046 (An issue was discovered in the GNU C 
Library (glibc) 2.36. When
        NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
 CVE-2022-3067
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3066
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio 
prior to 20 ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-3064
@@ -6679,6 +6691,7 @@ CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado 
Inc. contains a command
        NOT-FOR-US: PowerCMS
 CVE-2022-3060
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3059
        RESERVED
 CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 
105.0.5195.52 ...)
@@ -7334,6 +7347,7 @@ CVE-2022-38788 (An issue was discovered in Nokia FastMile 
5G Receiver 5G14-B 1.2
        NOT-FOR-US: Nokia
 CVE-2022-3018
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository 
froxlor/froxlor ...)
        - froxlor <itp> (bug #581792)
 CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286. 
...)
@@ -8385,6 +8399,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was 
found in the Linux kernel's
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
 CVE-2022-2904
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 
unserialis ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2902
@@ -8600,6 +8615,7 @@ CVE-2022-2883
        RESERVED
 CVE-2022-2882
        RESERVED
+       - gitlab <unfixed>
 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and 
either  ...)
        - bind9 1:9.18.7-1
        [bullseye] - bind9 <ignored> (Flawed code present in 9.16 but masked by 
the way the httpd objects are reset between messages)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a39868ddd2967a62ffaea876a5f708f6125f3646



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
