[Git][security-tracker-team/security-tracker][master] gitlab fixed

Moritz Muehlenhoff Fri, 19 Apr 2019 06:25:19 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5984c590 by Moritz Muehlenhoff at 2019-04-19T13:24:28Z
gitlab fixed
removed buster entry for simple-xml, pending removal

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1721,7 +1721,7 @@ CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 
has a Weak Password Re
        NOT-FOR-US: Contao
 CVE-2019-10640 [DoS potential for regex in CI/CD refs]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10639
        RESERVED
@@ -2826,11 +2826,11 @@ CVE-2019-10117 [Recurity assessment: open redirect]
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10116 [Related branches visible in issues for guests]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10115 [Guest users of private projects have access to releases]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10114 [Recurity assessment: information exposure through timing 
discrepancy]
        RESERVED
@@ -2838,7 +2838,7 @@ CVE-2019-10114 [Recurity assessment: information exposure 
through timing discrep
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10113 [DoS potential on project languages page]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10112 [Recurity assessment: loginState HMAC issues]
        RESERVED
@@ -2846,15 +2846,15 @@ CVE-2019-10112 [Recurity assessment: loginState HMAC 
issues]
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10111 [Persistent XSS at merge request resolve conflicts]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10110 [Improper authorization control "move issue"]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10109 [EXIF geolocation data not stripped from uploaded images]
        RESERVED
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10108 [IDOR labels of private projects/groups]
        RESERVED
@@ -69265,7 +69265,7 @@ CVE-2018-5158 (The PDF viewer does not sufficiently 
sanitize PostScript calculat
        {DSA-4199-1 DLA-1376-1}
        - firefox 60.0-1
        - firefox-esr 52.8.0esr-1
-       - gitlab <unfixed> (bug #926482)
+       - gitlab 11.8.6+dfsg-1 (bug #926482)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
        NOTE: 
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
@@ -84678,7 +84678,6 @@ CVE-2017-1000217 (Opencast 2.3.2 and older versions are 
vulnerable to script inj
        NOT-FOR-US: Opencast
 CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE 
vulnerability ...)
        - simple-xml <unfixed> (low; bug #888547)
-       [buster] - simple-xml <ignored> (Minor issue)
        [stretch] - simple-xml <ignored> (Minor issue)
        [jessie] - simple-xml <no-dsa> (Minor issue)
        [wheezy] - simple-xml <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5984c590595323c04f50474299f12c84fa5e03e7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5984c590595323c04f50474299f12c84fa5e03e7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] gitlab fixed

Reply via email to