Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37cbb2b5 by Moritz Muehlenhoff at 2025-04-20T13:20:43+02:00
gitlab fixes in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40945,7 +40945,7 @@ CVE-2024-9678 (An SQL Injection vulnerability existed 
in DLP Extension 11.11.1.3
 CVE-2024-8798 (No proper validation of the length of user input in 
olcp_ind_handler i ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-8650 (An issue was discovered in GitLab CE/EE affecting all versions 
from 15 ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8116 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab 17.5.5-1
 CVE-2024-5333 (The Events Calendar WordPress plugin before 6.8.2.1 is missing 
access  ...)
@@ -41668,9 +41668,9 @@ CVE-2024-9387 (An issue was discovered in GitLab CE/EE 
affecting all versions fr
 CVE-2024-9367 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <unfixed>
 CVE-2024-8647 (An issue was discovered in GitLab affecting all versions 
starting 15.2 ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8233 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8179 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab 17.5.5-1
 CVE-2024-55888 (Hush Line is an open-source whistleblower management system. 
Starting  ...)
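Review bot: CVE-2024-9367, the context entry directly above CVE-2024-8647, still reads `- gitlab <unfixed>` while the two entries after it move to 17.5.5-1. If 17.5.5-1 does not carry that fix, this is fine as is; otherwise it looks like an entry missed in this pass and should be updated in the same commit.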
@@ -45999,7 +45999,7 @@ CVE-2024-8899 (The Jeg Elementor Kit plugin for 
WordPress is vulnerable to Sensi
 CVE-2024-8676 (A vulnerability was found in CRI-O, where it can be requested 
to take  ...)
        - cri-o <itp> (bug #979702)
 CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab 
CE/EE af ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
@@ -49806,7 +49806,7 @@ CVE-2024-9633 (An issue has been discovered in GitLab 
CE/EE affecting all versio
 CVE-2024-9472 (A null pointer dereference in Palo Alto Networks PAN-OS 
software on PA ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-8648 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.5.5-1
 CVE-2024-8180 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2024-7787 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
@@ -60959,7 +60959,7 @@ CVE-2024-9046 (A DLL hijack vulnerability was reported 
in Lenovo stARstudio that
 CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
        NOT-FOR-US: Schneider
 CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-3
 CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an 
unauthori ...)
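Review bot: the fixed version recorded for CVE-2024-8970 is 17.3.5-3, whereas the earlier hunks in this commit all record 17.5.5-1, and the commit message ("gitlab fixes in sid") does not say where either version comes from. A NOTE line under the entry, or a sentence in the commit message naming the changelog entry or upstream release the version was taken from, would let a later reader verify that 17.3.5-3 is the first upload carrying the fix.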
@@ -64378,7 +64378,7 @@ CVE-2024-9029 (A flaw was found in the freeimage 
library. Processing a crafted i
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8974 (Information disclosure in Gitlab EE/CE affecting all versions 
from 15. ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-3
 CVE-2024-8965 (The Absolute Reviews plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8922 (The Product Enquiry for WooCommerce, WooCommerce product 
catalog plugi ...)
@@ -67248,7 +67248,7 @@ CVE-2024-46673 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.10.9-1
        NOTE: 
https://git.kernel.org/linus/919ddf8336f0b84c0453bac583808c9f165a85c2 (6.11-rc6)
 CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all 
versions fr ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-3
 CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 
28. This ...)
        NOT-FOR-US: idoit pro
 CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This 
vulnerabilit ...)
@@ -67274,7 +67274,7 @@ CVE-2024-8695 (A remote code execution (RCE) 
vulnerability via crafted extension
 CVE-2024-8694 (A vulnerability, which was classified as problematic, was found 
in JFi ...)
        NOT-FOR-US: JFinalCMS
 CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
-       - gitlab <unfixed>
+       - gitlab 17.3.5-2
 CVE-2024-8640 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-8635 (A server-side request forgery issue has been discovered in 
GitLab EE a ...)
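Review bot: CVE-2024-8641 is marked fixed in 17.3.5-2, while the other 17.3.5 entries in this commit (CVE-2024-8970, CVE-2024-8974, CVE-2024-8754) use 17.3.5-3. Please confirm that the -2 revision is intended rather than a slip for -3, since the recorded version is what decides from which upload onward the package is reported as fixed.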



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37cbb2b53fe364307db288927dcad7dc353bd5c2



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
