Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
45a80eb5 by Moritz Muehlenhoff at 2026-06-12T11:00:46+02:00
auto-nfu: Add gitlab
Gitlab has been removed from unstable, was never part of a stable release
and will never come back. As such there's no good reason to track it as
<removed>, so to reduce toil also track is as NFU via the CNA.
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -547,7 +547,7 @@ CVE-2026-40986 (Spring Web Flow's JavaScript
RemotingHandler renders the body of
CVE-2026-40985 (Applications that configure the WebFlowELExpressionParser are
vulnerab ...)
TODO: check
CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is
vulnerable to ...)
NOT-FOR-US: IBM
CVE-2026-3329 (A remote unauthenticated attacker may be able to conduct
credential-gu ...)
@@ -559,7 +559,7 @@ CVE-2026-35273 (Vulnerability in the PeopleSoft Enterprise
PeopleTools product o
CVE-2026-2827 (The Open User Map PRO plugin for WordPress is vulnerable to
Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1500 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-11986 (A flaw was found in the admin-ui-ext component of Keycloak,
which prov ...)
TODO: check
CVE-2026-11956 (A vulnerability was determined in TwiN gatus 5.36.0. Impacted
is the f ...)
@@ -583,11 +583,11 @@ CVE-2026-10847 (A local privilege escalation
vulnerability exists in Check Point
CVE-2026-10795 (The UpdraftPlus: WP Backup & Migration Plugin plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10733 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service
vulnerability ...)
TODO: check
CVE-2026-10087 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-0274 (An improper validation of credentials vulnerability in the
CommvaultSe ...)
NOT-FOR-US: Palo Alto Networks
CVE-2026-0273 (A command injection vulnerability in Palo Alto Networks
PAN-OS\xae sof ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -113,6 +113,8 @@
cna: GE_Vernova
- reason: Github Enterprise Server
cna: GitHub_P
+- reason: GitLab (used to be packaged in the Debian archive as src:gitlab, but
never in a stable release)
+ cna: GitLab
- reason: Google devices
cna: Google_Devices
- reason: Hanwha Vision
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45a80eb5591a4d421aefd4de44901a5801cc5cbb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45a80eb5591a4d421aefd4de44901a5801cc5cbb
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits