Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
acd8d9da by Salvatore Bonaccorso at 2020-03-22T14:44:30+01:00
Track some fixed versions for gitlab after unstable upload
- - - - -
82254e4e by Salvatore Bonaccorso at 2020-03-22T14:44:43+01:00
Track some gitlab CVEs which are affecting only the EE version
- - - - -
936dfe22 by Salvatore Bonaccorso at 2020-03-22T14:45:05+01:00
Remove unneeded unfixed status for experimental for CVE-2019-5467
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1590,26 +1590,26 @@ CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS.
A cross-site scripting vu
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting
vulnerabi ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure.
Under certai ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when
using sever ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending
on part ...)
- gitlab <not-affected> (Only affects Gitlab 12.5 and later)
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge
images were ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A
particular en ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A
particul ...)
- gitlab <not-affected> (Only affects Gitlab 12.3.5 and later)
@@ -1625,15 +1625,15 @@ CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows
Denial of Service. A denial of
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was
internally d ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It
was possib ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under
certain ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request
submission fo ...)
- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
@@ -1649,7 +1649,7 @@ CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML
Injection. A particular e
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A
scenario wa ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It
was inter ...)
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -6032,11 +6032,11 @@ CVE-2020-8116 (Prototype pollution vulnerability in
dot-prop npm package version
CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the
publicly acce ...)
NOT-FOR-US: Revive Adserver
CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects Gitlab EE)
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access
Control. ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1
through ...)
{DLA-2089-1}
@@ -6393,13 +6393,13 @@ CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows
Information Disclosure. ...)
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...)
[experimental] - gitlab 12.6.7-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects Gitlab EE 11.0 and later)
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7970
RESERVED
@@ -6408,7 +6408,7 @@ CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2
allows Information Disclos
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...)
[experimental] - gitlab 12.6.7-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1
of 2). ...)
- gitlab <not-affected> (ONly affects Gitlab EE 12.0 and later)
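Review bot: CVE-2020-7968 is moved to a fixed version (gitlab 12.6.8-3) although its description in this hunk reads "GitLab EE 8.0 through 12.7.2", while other EE-only issues in the same push are changed to <not-affected> (Only affects Gitlab EE). Please confirm the issue also affects the packaged edition. The existing "[experimental] - gitlab 12.6.7-1" line suggests it does, in which case a short NOTE saying so would save the next reader the question. While touching this block, the context line for CVE-2020-7967 has "ONly", which could be corrected to "Only".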
@@ -8993,10 +8993,10 @@ CVE-2020-6835 (An issue was discovered in Bftpd before
5.4. There is a heap-base
CVE-2020-6834
RESERVED
CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab
Workhors ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects Gitlab EE 11.3 and later)
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0
throug ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects GitLab EE 8.9.0 and later)
NOTE:
https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows
XSS via th ...)
- ganglia-web <unfixed> (unimportant; bug #948664)
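Review bot: the two <not-affected> reasons added in this hunk spell the product differently: "Gitlab EE 11.3 and later" for CVE-2020-6833 and "GitLab EE 8.9.0 and later" for CVE-2020-6832. Settling on one spelling (the CVE descriptions use "GitLab") keeps the reason strings consistent and easy to grep across data/CVE/list.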
@@ -12964,7 +12964,7 @@ CVE-2020-5198
RESERVED
CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3
and 10 ...)
NOT-FOR-US: Cerberus FTP Server Enterprise Edition
@@ -15716,23 +15716,23 @@ CVE-2019-20149 (ctorName in index.js in kind-of
v6.0.2 allows external user inpu
NOTE: https://github.com/jonschlinkert/kind-of/pull/31
CVE-2019-20148 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20147 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20146 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20145 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20144 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20143 (An issue was discovered in GitLab Community Edition (CE) and
Enterpris ...)
- gitlab <not-affected> (Only affects Gitlab CE 12.6)
@@ -22919,7 +22919,7 @@ CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and
later through 12.5 allows
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE)
through 12.5 ...)
[experimental] - gitlab 12.2.9-5
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
- gitlab-workhorse 8.8.1+debian-3
[buster] - gitlab-workhorse <ignored> (Minor issue)
[stretch] - gitlab-workhorse <ignored> (Minor issue)
@@ -22934,7 +22934,7 @@ CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and
later through 12.5 has I
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE)
through 12.5 ...)
[experimental] - gitlab 12.2.9-5
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has
Incorre ...)
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -22944,7 +22944,7 @@ CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and
later through 12.5 has I
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6
and lat ...)
[experimental] - gitlab 12.2.9-5
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19253
RESERVED
@@ -27400,74 +27400,74 @@ CVE-2019-18464 (In Progress MOVEit Transfer 10.2
before 10.2.6 (2018.3), 11.0 be
NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18463 (An issue was discovered in GitLab Community and Enterprise
Edition thr ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18462 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18461 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18460 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18459 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18458 (An issue was discovered in GitLab Community and Enterprise
Edition thr ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18457 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18456 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18455 (An issue was discovered in GitLab Community and Enterprise
Edition 11 ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18454 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18453 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18452 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18451 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18450 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18449 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18448 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18447 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18446 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18445
RESERVED
@@ -34493,7 +34493,7 @@ CVE-2019-16171 (In JetBrains YouTrack through
2019.2.56594, stored XSS was found
NOT-FOR-US: JetBrains YouTrack
CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and
12.x bef ...)
[experimental] - gitlab 12.0.9-1
- - gitlab <unfixed> (bug #940007)
+ - gitlab 12.6.8-3 (bug #940007)
NOTE:
https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/
CVE-2019-16169
RESERVED
@@ -35626,32 +35626,32 @@ CVE-2019-15741 (An issue was discovered in GitLab
Omnibus 7.4 through 12.2.1. An
NOT-FOR-US: GitLab Omnibus
CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise
Edition 7.9 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15739 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15738 (An issue was discovered in GitLab Community and Enterprise
Edition 12. ...)
- gitlab <not-affected> (Only affects 12.0 and later)
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15737 (An issue was discovered in GitLab Community and Enterprise
Edition thr ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15736 (An issue was discovered in GitLab Community and Enterprise
Edition thr ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15735
RESERVED
CVE-2019-15734 (An issue was discovered in GitLab Community and Enterprise
Edition 8.6 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15733 (An issue was discovered in GitLab Community and Enterprise
Edition 7.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15732 (An issue was discovered in GitLab Community and Enterprise
Edition 12. ...)
- gitlab <not-affected> (Only affects 12.2 and later)
@@ -35661,23 +35661,23 @@ CVE-2019-15731 (An issue was discovered in GitLab
Community and Enterprise Editi
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15729 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15728 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15727 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15726 (An issue was discovered in GitLab Community and Enterprise
Edition thr ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15725 (An issue was discovered in GitLab Community and Enterprise
Edition 12. ...)
- gitlab <not-affected> (only affects 12.0 and later)
@@ -35690,11 +35690,11 @@ CVE-2019-15723 (An issue was discovered in GitLab
Community and Enterprise Editi
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15722 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation
via a Pr ...)
NOT-FOR-US: CloudBerry Backup
@@ -36171,18 +36171,18 @@ CVE-2019-15594 (GitLab 11.8 and later contains a
security vulnerability that all
NOTE:
https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a
user to ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/557154
NOTE:
https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that
allows ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15591 (An improper access control vulnerability exists in GitLab
<12.3.3 t ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/676976
CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8,
and < 1 ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects GitLab EE 11.5 and later)
NOTE: https://hackerone.com/reports/701144
NOTE:
https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/
CVE-2019-15589 (An improper access control vulnerability exists in Gitlab
<v12.3.2, ...)
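Review bot: CVE-2019-15591 keeps "- gitlab <unfixed>" in this hunk even though its description says the issue exists in GitLab <12.3.3 and the entries on either side are resolved (12.6.8-3 for CVE-2019-15593 and CVE-2019-15592, <not-affected> for CVE-2019-15590). If it is left open on purpose, for example pending a check of which edition is affected, a NOTE with the reason would help; otherwise it looks like it was missed. The entry also carries only the HackerOne reference and no release-announcement NOTE, unlike CVE-2019-15592 and CVE-2019-15590.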
@@ -36199,40 +36199,40 @@ CVE-2019-15586 (A XSS exists in Gitlab CE/EE <
12.1.10 in the Mermaid plugin.
- gitlab <not-affected> (Only affects Gitlab 12.1)
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6,
and < 1 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6,
and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/670572
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6,
and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and <
12.1.12 f ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12
for GitLa ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com
<v12.3.2 ...)
- gitlab <not-affected> (Only affects EE)
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6,
and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6,
and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE
<v12 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/636560
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE
<v12 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/633001
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2,
<v12.2.6, a ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/682442
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in
account ...)
@@ -38256,7 +38256,7 @@ CVE-2019-14945 (The ultimate-member plugin before
2.0.54 for WordPress has XSS.
CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities]
RESERVED
[experimental] - gitlab 11.11.8+dfsg-1
- - gitlab <unfixed> (bug #934708)
+ - gitlab 12.6.8-3 (bug #934708)
NOTE:
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise
Edition 12. ...)
- gitlab <not-affected> (Only affects GitLab CE/EE 12.0 and later)
@@ -38264,7 +38264,7 @@ CVE-2019-14943 (An issue was discovered in GitLab
Community and Enterprise Editi
CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
RESERVED
[experimental] - gitlab 11.11.8+dfsg-1
- - gitlab <unfixed> (bug #934708)
+ - gitlab 12.6.8-3 (bug #934708)
NOTE:
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14941
RESERVED
@@ -45190,7 +45190,7 @@ CVE-2019-13122 (A Cross Site Scripting (XSS)
vulnerability exists in the templat
NOT-FOR-US: Patchwork
CVE-2019-13121 (An issue was discovered in GitLab Enterprise Edition 10.6
through 12.0 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 lacks length
checking in pr ...)
NOT-FOR-US: Amazon FreeRTOS
@@ -45514,15 +45514,15 @@ CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2
have a local privilege esc
NOT-FOR-US: Little Snitch
CVE-2019-13011 (An issue was discovered in GitLab Enterprise Edition 8.11.0
through 12 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13010 (An issue was discovered in GitLab Enterprise Edition 8.3
through 12.0. ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13009 (An issue was discovered in GitLab Community and Enterprise
Edition 9.2 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13008
RESERVED
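Review bot: CVE-2019-13011 and CVE-2019-13010 are marked fixed in gitlab 12.6.8-3, but their descriptions in this hunk name only "GitLab Enterprise Edition", whereas CVE-2019-13009 just below says "Community and Enterprise Edition". Since this push reclassifies other EE-only issues as <not-affected>, please double-check that these two belong in the fixed set, and add a NOTE if the truncated description is simply misleading.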
@@ -45531,7 +45531,7 @@ CVE-2019-13007 (An issue was discovered in GitLab
Community and Enterprise Editi
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13006 (An issue was discovered in GitLab Community and Enterprise
Edition 9.0 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13005 (An issue was discovered in GitLab Enterprise Edition and
Community Edi ...)
[experimental] - gitlab 11.10.8+dfsg-1
@@ -45542,7 +45542,7 @@ CVE-2019-13004 (An issue was discovered in GitLab
Community and Enterprise Editi
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13003 (An issue was discovered in GitLab Community and Enterprise
Edition bef ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE:
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13002 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 11.10.8+dfsg-1
@@ -47043,27 +47043,27 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs
1.29.4 through 1.41.2. dae
NOTE:
https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
CVE-2019-12446 (An issue was discovered in GitLab Community and Enterprise
Edition 8.3 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12445 (An issue was discovered in GitLab Community and Enterprise
Edition 8.4 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12444 (An issue was discovered in GitLab Community and Enterprise
Edition 8.9 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12443 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12442 (An issue was discovered in GitLab Enterprise Edition 11.7
through 11.1 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12441 (An issue was discovered in GitLab Community and Enterprise
Edition 8.4 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows
an unauth ...)
NOT-FOR-US: Sitecore CMS
@@ -47081,19 +47081,19 @@ CVE-2019-12435 (Samba 4.9.x before 4.9.9 and 4.10.x
before 4.10.5 has a NULL poi
NOTE: https://www.samba.org/samba/security/CVE-2019-12435.html
CVE-2019-12434 (An issue was discovered in GitLab Community and Enterprise
Edition 10. ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12433 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12432 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12431 (An issue was discovered in GitLab Community and Enterprise
Edition 8.1 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12430 (An issue was discovered in GitLab Community and Enterprise
Edition 11. ...)
- gitlab <not-affected> (Only affects 11.11)
@@ -47103,7 +47103,7 @@ CVE-2019-12429 (An issue was discovered in GitLab
Community and Enterprise Editi
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12428 (An issue was discovered in GitLab Community and Enterprise
Edition 6.8 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE:
https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a
non-pers ...)
NOT-FOR-US: Zimbra Collaboration
@@ -66877,7 +66877,7 @@ CVE-2019-5487 (An improper access control vulnerability
exists in Gitlab EE <
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://hackerone.com/reports/692252
CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE
<v12.3 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/617896
NOTE:
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a
Command Injec ...)
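Review bot: the CVE-2019-5486 entry gets a fixed version but still has no Debian bug reference, unlike the groups tracked under bug #930004 and bug #933785 elsewhere in this push. If a bug was filed for the 12.3.2 security release cited in the NOTE, add it in parentheses after `12.6.8-3` so the fixed version can be traced to the upload that closed it.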
@@ -66936,43 +66936,42 @@ CVE-2019-5471 (An input validation and output
encoding issue was discovered in t
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5470 (An information disclosure issue was discovered GitLab versions
< 12 ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5469 (An IDOR vulnerability exists in GitLab <v12.1.2,
<v12.0.4, and & ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions
< 1 ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5467 (An input validation and output encoding issue was discovered in
the Gi ...)
- [experimental] - gitlab <unfixed>
- gitlab <not-affected> (Only affects 11.10 and later)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that
allowed new ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE
8.14 an ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in
GitLab CE/EE ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI
badge ima ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0
and la ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5461 (An input validation problem was discovered in the GitHub
service integ ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5460 (Double Free in VLC versions <= 3.0.6 leads to a crash. ...)
{DSA-4459-1}
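Review bot: for CVE-2019-5467 the retained line `- gitlab <not-affected> (Only affects 11.10 and later)` no longer explains itself once the unstable package is at 12.6.8-3, a version that is itself later than 11.10. Removing the `[experimental] - gitlab <unfixed>` line is fine, but the remaining entry should either record `- gitlab 12.6.8-3` like the neighbouring CVEs from the same 12.1.2 security release, or reword the reason to state that no affected version was ever uploaded to unstable.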
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc0d0357d0ece91f4de4404d631d3b9dcacfe40f...936dfe220c9b5d7aa41913af15eaecf3c24dba19