Update entry for CVE-2021-39939

Associate it with gitlab-ci-multi-runner, as it is an issue in this source package. Mark it not-affected as the problematic code got introduced only after version 13.3.1.
author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-14 19:52:50 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-14 19:52:50 +0100
commit: d119d50759af597ec63c9b05d154b3c86c29ad57 (patch)
tree: 28816239fb359f66775c39723b20540801046c85 /data/CVE
parent: b1c2b8bf3d490bd1a67cf04140ee6dc489c883fc (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 308be9088c..94d69146bb 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -17103,10 +17103,9 @@ CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions
 CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
-	- gitlab <unfixed>
+	- gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
 	NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
-	NOTE: fix released in 14.3.4, 14.6 in experimental.
 CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version  ...)
 	- gitlab <unfixed>
 CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-14 19:52:50 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-14 19:52:50 +0100
commit	d119d50759af597ec63c9b05d154b3c86c29ad57 (patch)
tree	28816239fb359f66775c39723b20540801046c85 /data/CVE
parent	b1c2b8bf3d490bd1a67cf04140ee6dc489c883fc (diff)