Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 156430c8 by Moritz Muehlenhoff at 2023-12-24T23:37:26+01:00 more gitlab issues fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2240,11 +2240,11 @@ CVE-2023-3511 (An issue has been discovered in GitLab EE affecting all versions CVE-2023-3907 (A privilege escalation vulnerability in GitLab EE affecting all versio ...) - gitlab <not-affected> (Specific to EE) CVE-2023-5061 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-5512 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-6051 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-6680 (An improper certificate validation issue in Smartcard authentication i ...) - gitlab <not-affected> (Specific to EE) CVE-2023-6564 @@ -4724,7 +4724,7 @@ CVE-2023-6442 (A vulnerability was found in PHPGurukul Nipah Virus Testing Manag CVE-2023-6440 (A vulnerability was found in SourceCodester Book Borrower System 1.0 a ...) NOT-FOR-US: SourceCodester CVE-2023-6033 (Improper neutralization of input in Jira integration configuration in ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-5995 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Specific to EE) CVE-2023-5915 (A vulnerability of Uncontrolled Resource Consumption has been identifi ...) @@ -4734,7 +4734,7 @@ CVE-2023-5909 (KEPServerEX does not properly validate certificates from clients CVE-2023-5908 (KEPServerEX is vulnerable to a buffer overflow which may allow an atta ...) NOT-FOR-US: KEPServerEX CVE-2023-5226 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-4912 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <not-affected> (Specific to EE) CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all versions start ...) @@ -9423,7 +9423,7 @@ CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before - python-django <not-affected> (Only an issue on windows) NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/ CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions from ...) - gitlab <not-affected> (Specific to EE) CVE-2023-5600 @@ -9433,7 +9433,7 @@ CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versio CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 16.4.4+ds2-2 CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab 16.4.4+ds2-2 CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) @@ -15108,7 +15108,7 @@ CVE-2023-5301 (A vulnerability classified as critical was found in DedeCMS 5.7.1 CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlanning u ...) NOT-FOR-US: TTSPlanning CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...) {DSA-5518-1 DLA-3598-1} - libvpx 1.12.0-1.2 @@ -15281,7 +15281,7 @@ CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible f CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...) NOT-FOR-US: WordPress plugin CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...) - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...) NOT-FOR-US: Gym Management System Project CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...) @@ -16979,7 +16979,7 @@ CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...) NOT-FOR-US: Nozomi Networks Guardian and CMC CVE-2023-4998 - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...) NOT-FOR-US: LibreNMS CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to unauthent ...) @@ -19388,7 +19388,7 @@ CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions sta CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-4638 - - gitlab <unfixed> + - gitlab 16.4.4+ds2-2 CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 16.4.4+ds2-2 CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156430c88c0cdc9dddada6bd591605717bcc5b19 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/156430c88c0cdc9dddada6bd591605717bcc5b19 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits