Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31dafbc7 by Salvatore Bonaccorso at 2023-05-05T11:17:45+02:00
Process batch of gitlab issues

Temporarily all gitlab CVEs are still considered to be part of unstable,
as maintainer plan to reintroduce it after the bookworm release. Only
separate those as not-affected which are EE specific.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1481,7 +1481,7 @@ CVE-2023-2184
 CVE-2023-2183
        RESERVED
 CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2023-2181
        RESERVED
 CVE-2023-2180
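Review bot: The `<not-affected> (Specific to EE)` line added for CVE-2023-2182 rests on a description that is truncated in the list ("affecting all versions start ..."), and the entry carries no NOTE with an upstream reference. Consider adding a `NOTE:` line pointing at the upstream issue or advisory so the EE-only classification can be re-verified later; the same applies to the CVE-2023-1965 and CVE-2023-0805 entries in this commit.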
@@ -2398,7 +2398,7 @@ CVE-2023-2071
 CVE-2023-2070
        RESERVED
 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-2068
        RESERVED
 CVE-2023-2067
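Review bot: Missing documentation on the added `- gitlab <unfixed>` line for CVE-2023-2069: the reason gitlab is still tracked against unstable is stated only in the commit message, not in data/CVE/list. A short NOTE or parenthetical on the entry would tell a later reader that this status is temporary and needs revisiting after the bookworm release.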
@@ -2964,7 +2964,7 @@ CVE-2023-1967 (Keysight N8844A Data Analytics Web Service 
deserializes untrusted
 CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x 
contain ...)
        NOT-FOR-US: Illumina
 CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2023-30464
        RESERVED
 CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and 
subsequent  ...)
@@ -5944,7 +5944,7 @@ CVE-2023-1838 (A use-after-free flaw was found in 
vhost_net_set_backend in drive
 CVE-2023-1837
        RESERVED
 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-1835
        RESERVED
 CVE-2023-1834
@@ -10527,7 +10527,7 @@ CVE-2023-22434
 CVE-2023-1266
        RESERVED
 CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.139 ...)
        - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
@@ -10832,7 +10832,7 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to 
V1.0.10.94 contains a fi
 CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is 
vulnerable to cr ...)
        NOT-FOR-US: NETGEAR
 CVE-2023-1204 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of 
Hub Bu ...)
        NOT-FOR-US: Devolutions
 CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin 
User vault ...)
@@ -11424,7 +11424,7 @@ CVE-2023-27606
 CVE-2023-27605
        RESERVED
 CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-27604
        RESERVED
 CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn 
materia ...)
@@ -16752,7 +16752,7 @@ CVE-2023-25692 (Improper Input Validation vulnerability 
in the Apache Airflow Go
 CVE-2023-25691 (Improper Input Validation vulnerability in the Apache Airflow 
Google P ...)
        NOT-FOR-US: Apache Airflow Google Provider
 CVE-2023-0805 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in 
tools/tiffcrop ...)
        {DSA-5361-1 DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
@@ -17154,7 +17154,7 @@ CVE-2023-25177
 CVE-2023-24014
        RESERVED
 CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-0755 (The affected products are vulnerable to an improper validation 
of arra ...)
        NOT-FOR-US: PTC
 CVE-2023-0754 (The affected products are vulnerable to an integer overflow or 
wraparo ...)
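Review bot: For CVE-2023-0756 the description reads "all versions before 1 ...", which implies an upstream fixed version exists, yet the added line is a bare `- gitlab <unfixed>`. Recording the upstream fixed version in a NOTE now would make it easier to replace `<unfixed>` with the first fixed Debian version once the package is reintroduced; CVE-2022-4376 in this commit has the same "before 1 ..." wording.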
@@ -20382,7 +20382,7 @@ CVE-2023-0487 (The My Sticky Elements WordPress plugin 
before 2.0.9 does not pro
 CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external 
attacker t ...)
        NOT-FOR-US: VitalPBX
 CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions 
starting ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & 
Gutenberg Block ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions 
starting ...)
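Review bot: The trailing context of this hunk shows CVE-2023-0483, another GitLab issue, whose status line is not touched by the change. Please confirm that entry is already triaged and that its status follows the same policy as the `- gitlab <unfixed>` line added for CVE-2023-0485, so the two adjacent entries do not end up inconsistent.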
@@ -25139,7 +25139,7 @@ CVE-2023-0157 (The All-In-One Security (AIOS) WordPress 
plugin before 5.1.5 does
 CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 
does not  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate 
and esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 
does no ...)
@@ -32748,7 +32748,7 @@ CVE-2022-4379 (A use-after-free vulnerability was found 
in __nfs42_ssc_open() in
 CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has 
been dec ...)
        NOT-FOR-US: S-CMS
 CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL 
subsystem ...)
        {DLA-3245-1 DLA-3244-1}
        - linux 6.0.12-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dafbc7644c3583991a140b09e65750860b51cd
