Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9181ee71 by Salvatore Bonaccorso at 2020-04-09T22:22:37+02:00
Fix listing of suites for CVE-2020-10954/gitlab
- - - - -
903c1768 by Salvatore Bonaccorso at 2020-04-09T22:23:14+02:00
Track some gitlab issues from 2020-03-26 release
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1738,19 +1738,33 @@ CVE-2020-10983
CVE-2020-10982
RESERVED
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other
maintaine ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in
the FogB ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on
restricted CI pip ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues
opened in a ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal
when mov ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage
when qu ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on
vulnerab ...)
- TODO: check
+ [experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10974
RESERVED
CVE-2020-10973
@@ -1817,8 +1831,8 @@ CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is
vulnerable to parameter tamper
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in
repository archi ...)
- - gitlab <unfixed>
[experimental] - gitlab 12.8.8-1
+ - gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable
to a pat ...)
- gitlab <not-affected> (Only affects GitLab EE 11.7 and later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e9249105b2c39b66773a8efdd1ee4ac002c42b76...903c1768efc441c8a2207e9872e44a2a06af785e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e9249105b2c39b66773a8efdd1ee4ac002c42b76...903c1768efc441c8a2207e9872e44a2a06af785e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
