Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
391e82c8 by Salvatore Bonaccorso at 2019-07-07T08:41:56Z
Track gitlab/11.10.8 upload to experimental for easier merge fixing version
once uploaded to unstable again
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -609,6 +609,7 @@ CVE-2019-13122
RESERVED
CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
RESERVED
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120
@@ -889,14 +890,17 @@ CVE-2019-13013
RESERVED
CVE-2019-13011 [Merge Request Template Name Disclosure]
RESERVED
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13010 [Decoding Color Codes Caused Reseource Depletion]
RESERVED
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13009 [Broken Access Control for the Content of Personal Snippets]
RESERVED
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13008
@@ -907,11 +911,12 @@ CVE-2019-13007 [Enabling One of the Service Templates
Could Cause Resource Deple
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13006 [Number of Merge Requests was Accessible]
RESERVED
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13005 [Authorization Issues in GraphQL]
RESERVED
- [experimental] - gitlab <unfixed>
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <not-affected> (Only affects 11.10 and later)
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13004 [Error Caused by Encoded Characters in Comments]
@@ -920,16 +925,17 @@ CVE-2019-13004 [Error Caused by Encoded Characters in
Comments]
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13003 [Resource Exhaustion Attack]
RESERVED
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13002 [Recent Pipeline Information Disclosed to Unauthorised Users]
RESERVED
- [experimental] - gitlab <unfixed>
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <not-affected> (Only affects 11.10 and later)
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13001 [Ability to Write a Note to a Private Snippet]
RESERVED
- [experimental] - gitlab <unfixed>
+ [experimental] - gitlab 11.10.8+dfsg-1
- gitlab <not-affected> (Only affects 11.9 and later)
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13000
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/391e82c8218f689b1e5eb194dc8298bca040a3df
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/391e82c8218f689b1e5eb194dc8298bca040a3df
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
