Source: gitlab Version: 11.8.6+dfsg-1 Severity: grave Tags: security upstream Justification: user security hole
Hi, The following vulnerabilities were published for gitlab. CVE-2019-11544[0]: Notification Emails Sent to Restricted Users CVE-2019-11546[1]: Merge Request Approval Count Inflation CVE-2019-11547[2]: Unsanitized Branch Names on New Merge Request Notification Emails CVE-2019-11548[3]: Unauthorized Comments on Confidential Issues CVE-2019-11549[4]: Improper Sanitation of Credentials in Gitaly If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11544 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11544 [1] https://security-tracker.debian.org/tracker/CVE-2019-11546 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11546 [2] https://security-tracker.debian.org/tracker/CVE-2019-11547 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11547 [3] https://security-tracker.debian.org/tracker/CVE-2019-11548 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11548 [4] https://security-tracker.debian.org/tracker/CVE-2019-11549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11549 [5] https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/ Regards, Salvatore
