Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a9e04f1 by Salvatore Bonaccorso at 2019-01-03T07:11:07Z
Add Debian bug reference for gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -749,7 +749,7 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel
before 4.18.11. The
NOTE: Fixed by:
https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
CVE-2018-20507 [Missing authentication for Prometheus alert endpoint]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20506
RESERVED
@@ -763,59 +763,59 @@ CVE-2018-20502 (An issue was discovered in Bento4
1.5.1-627. There is an attempt
NOT-FOR-US: Bento4
CVE-2018-20501 [Missing authorization control merge requests]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20500 [Improper access control CI/CD settings]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20499 [SSRF in project imports with LFS]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20498 [Improper access control branches and tags]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20497 [SSRF repository mirroring]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20496 [Persistent XSS label reference]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20495 [CI job token LFS error message disclosure]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20494 [Guest user CI job disclosure]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20493 [Source code disclosure merge request diff]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20492 [Todos improper access control]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20491 [Persistent XSS wiki in IE browser]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20490 [Persistent XSS Autocompletion]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20489 [URL rel attribute not set]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20488 [Secret CI variable exposure]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #918086)
NOTE:
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20487
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a9e04f1ec44dce164c8374b8b53696080f8d692
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a9e04f1ec44dce164c8374b8b53696080f8d692
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
