Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
156430c8 by Moritz Muehlenhoff at 2023-12-24T23:37:26+01:00
more gitlab issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2240,11 +2240,11 @@ CVE-2023-3511 (An issue has been discovered in GitLab
EE affecting all versions
CVE-2023-3907 (A privilege escalation vulnerability in GitLab EE affecting all
versio ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-5061 (An issue has been discovered in GitLab affecting all versions
starting ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5512 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-6051 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-6680 (An improper certificate validation issue in Smartcard
authentication i ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-6564
@@ -4724,7 +4724,7 @@ CVE-2023-6442 (A vulnerability was found in PHPGurukul
Nipah Virus Testing Manag
CVE-2023-6440 (A vulnerability was found in SourceCodester Book Borrower
System 1.0 a ...)
NOT-FOR-US: SourceCodester
CVE-2023-6033 (Improper neutralization of input in Jira integration
configuration in ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5995 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-5915 (A vulnerability of Uncontrolled Resource Consumption has been
identifi ...)
@@ -4734,7 +4734,7 @@ CVE-2023-5909 (KEPServerEX does not properly validate
certificates from clients
CVE-2023-5908 (KEPServerEX is vulnerable to a buffer overflow which may allow
an atta ...)
NOT-FOR-US: KEPServerEX
CVE-2023-5226 (An issue has been discovered in GitLab affecting all versions
before 1 ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-4912 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all
versions start ...)
@@ -9423,7 +9423,7 @@ CVE-2023-46695 (An issue was discovered in Django 3.2
before 3.2.23, 4.1 before
- python-django <not-affected> (Only an issue on windows)
NOTE:
https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all
versions from ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-5600
@@ -9433,7 +9433,7 @@ CVE-2023-3246 (An issue has been discovered in GitLab
EE/CE affecting all versio
CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab 16.4.4+ds2-2
CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab 16.4.4+ds2-2
CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository
pkp/pkp-lib p ...)
@@ -15108,7 +15108,7 @@ CVE-2023-5301 (A vulnerability classified as critical
was found in DedeCMS 5.7.1
CVE-2023-5300 (A vulnerability classified as critical has been found in
TTSPlanning u ...)
NOT-FOR-US: TTSPlanning
CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting
all versi ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a
crash rela ...)
{DSA-5518-1 DLA-3598-1}
- libvpx 1.12.0-1.2
@@ -15281,7 +15281,7 @@ CVE-2023-39410 (When deserializing untrusted or
corrupted data, it is possible f
CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
UserFeedbac ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions
prior to ...)
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an
Insecure File ...)
NOT-FOR-US: Gym Management System Project
CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets
engine d ...)
@@ -16979,7 +16979,7 @@ CVE-2023-2567 (A SQL Injection vulnerability in Nozomi
Networks Guardian and CMC
CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and
CMC, due ...)
NOT-FOR-US: Nozomi Networks Guardian and CMC
CVE-2023-4998
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository
librenms/librenm ...)
NOT-FOR-US: LibreNMS
CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to
unauthent ...)
@@ -19388,7 +19388,7 @@ CVE-2023-3205 (An issue has been discovered in GitLab
affecting all versions sta
CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab 16.4.4+ds2-2
CVE-2023-4638
- - gitlab <unfixed>
+ - gitlab 16.4.4+ds2-2
CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab 16.4.4+ds2-2
CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all
versions fr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156430c88c0cdc9dddada6bd591605717bcc5b19
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156430c88c0cdc9dddada6bd591605717bcc5b19
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
