[Git][security-tracker-team/security-tracker][master] gitlab fixed

Moritz Muehlenhoff Thu, 03 Jan 2019 00:57:28 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
da0dc38f by Moritz Muehlenhoff at 2019-01-03T08:56:11Z
gitlab fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -754,7 +754,7 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel 
before 4.18.11. The
        NOTE: Fixed by: 
https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
 CVE-2018-20507 [Missing authentication for Prometheus alert endpoint]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20506
        RESERVED
@@ -768,59 +768,59 @@ CVE-2018-20502 (An issue was discovered in Bento4 
1.5.1-627. There is an attempt
        NOT-FOR-US: Bento4
 CVE-2018-20501 [Missing authorization control merge requests]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20500 [Improper access control CI/CD settings]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20499 [SSRF in project imports with LFS]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20498 [Improper access control branches and tags]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20497 [SSRF repository mirroring]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20496 [Persistent XSS label reference]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20495 [CI job token LFS error message disclosure]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20494 [Guest user CI job disclosure]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20493 [Source code disclosure merge request diff]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20492 [Todos improper access control]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20491 [Persistent XSS wiki in IE browser]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20490 [Persistent XSS Autocompletion]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20489 [URL rel attribute not set]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20488 [Secret CI variable exposure]
        RESERVED
-       - gitlab <unfixed> (bug #918086)
+       - gitlab 11.5.6+dfsg-1 (bug #918086)
        NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
 CVE-2018-20487
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/da0dc38fdaa3f9522eb20b1404b6053dab84644e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/da0dc38fdaa3f9522eb20b1404b6053dab84644e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] gitlab fixed

Reply via email to