Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eab6cbb0 by Salvatore Bonaccorso at 2019-06-05T12:28:57Z
gitlab issues fixed in experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -608,26 +608,32 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs
1.29.4 through 1.41.2. dae
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
CVE-2019-12446 [Repository Password Disclosed on Import Error Page]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12445 [Stored Cross-Site Scripting on Notes]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12444 [Stored Cross-Site Scripting on Wiki Pages]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12443 [Server-Side Request Forgery Through DNS Rebinding]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12442 [Stored Cross-Site Scripting Vulnerability on Child Epics]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12441 [Protected Branches Restriction Rules Bypass]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows
an unauth ...)
@@ -642,18 +648,22 @@ CVE-2019-12435
RESERVED
CVE-2019-12434 [Private Project Discovery via Comment Links]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12433 [Internal Projects Allowed to Be Created on in Private Groups]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12432 [Confidential Issue Titles Revealed to Restricted Users on
Unsubscribe]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12431 [Disclosure of Milestone Metadata through the Search API]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12430 [Remote Command Execution Vulnerability on Repository Download
Feature]
@@ -666,6 +676,7 @@ CVE-2019-12429 [Metadata of Confidential Issues Disclosed
to Restricted Users]
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12428 [Mandatory External Authentication Provider Sign-In
Restrictions Bypass]
RESERVED
+ [experimental] - gitlab 11.10.5+dfsg-1
- gitlab <unfixed> (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12427
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eab6cbb0d2ef6fbeaf664acfc6d28231e9f5e4d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/eab6cbb0d2ef6fbeaf664acfc6d28231e9f5e4d4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
