[Git][security-tracker-team/security-tracker][master] gitlab fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5599f978 by Moritz Muehlenhoff at 2024-01-23T11:41:59+01:00 gitlab fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1770,11 +1770,11 @@ CVE-2024-23659 (SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the nam NOTE: https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2 NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr CVE-2023-6955 (An improper access control vulnerability exists in GitLab Remote Devel ...) - - gitlab + - gitlab 16.6.5-3 CVE-2023-4812 (An issue has been discovered in GitLab EE affecting all versions start ...) - - gitlab + - gitlab 16.6.5-3 CVE-2023-5356 (Incorrect authorization checks in GitLab CE/EE from all versions start ...) - - gitlab + - gitlab 16.6.5-3 CVE-2023-7028 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 16.4.5+ds2-1 CVE-2024-23179 (An issue was discovered in the GlobalBlocking extension in MediaWiki b ...) 
@@ -41547,7 +41547,7 @@ CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properl CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...) NOT-FOR-US: WordPress plugin CVE-2023-2030 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - - gitlab + - gitlab 16.6.5-3 CVE-2023-2029 (The PrePost SEO WordPress plugin through 3.0 does not properly sanitiz ...) NOT-FOR-US: WordPress plugin CVE-2023-2028 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5599f97838d4d1c8b202c5c555348eacfcec95de -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5599f97838d4d1c8b202c5c555348eacfcec95de You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
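Review bot: the four GitLab entries that gain 16.6.5-3 (CVE-2023-6955, CVE-2023-4812 and CVE-2023-5356 in the first hunk, CVE-2023-2030 in the second) carry no NOTE line, so nothing in the list ties the recorded version to an upstream release. The SPIP entry at the top of the first hunk shows the convention. A NOTE with the upstream security-release URL under each entry would let a later reader check the version without leaving the file.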
[Git][security-tracker-team/security-tracker][master] gitlab fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 401792b2 by Moritz Muehlenhoff at 2023-09-25T13:48:56+02:00 gitlab fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18622,7 +18622,7 @@ CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net CVE-2023-2165 RESERVED CVE-2023-2164 (An issue has been discovered in GitLab affecting all versions starting ...) - - gitlab + - gitlab 16.0.8+ds1-1 CVE-2023-2163 (Incorrect verifier pruningin BPF in Linux Kernel>=5.4leads to unsafe c ...) - linux 6.1.27-1 [bullseye] - linux 5.10.179-1 @@ -19509,7 +19509,7 @@ CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Colle CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some ...) NOT-FOR-US: WordPress plugin CVE-2023-2022 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - - gitlab + - gitlab 16.0.8+ds1-1 CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass (bug #730180) CVE-2023-2020 (Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401792b2460f5cc25828124a8f917d6d2a1d6706 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401792b2460f5cc25828124a8f917d6d2a1d6706 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
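Review bot: the commit message "gitlab fixed in sid" names neither the version (16.0.8+ds1-1) nor the two entries touched (CVE-2023-2164, CVE-2023-2022), and the same subject is reused for other commits to this file. Putting the version and the CVE ids in the message would make it possible to find from the log when a given fix was recorded, without opening each diff.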
[Git][security-tracker-team/security-tracker][master] gitlab fixed in experimental
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0baaf4a4 by Moritz Muehlenhoff at 2021-03-06T21:14:32+01:00 gitlab fixed in experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13203,6 +13203,7 @@ CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of - gitlab 13.2.3-2 CVE-2021-22186 RESERVED + [experimental] - gitlab 13.7.8+ds1-1 - gitlab NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ CVE-2021-22185 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0baaf4a49cc766af0c50e00266bb97bac62dfa24 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0baaf4a49cc766af0c50e00266bb97bac62dfa24 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
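Review bot: the added "[experimental] - gitlab 13.7.8+ds1-1" line under CVE-2021-22186 sits directly above a NOTE that names the 13.9.2 security release, so the hunk does not show why a 13.7 version counts as fixed. If that release also covered the 13.7 branch, a second NOTE saying so would close the gap for anyone auditing the entry later.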
[Git][security-tracker-team/security-tracker][master] gitlab fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ca1c1d80 by Moritz Muehlenhoff at 2020-10-12T10:12:59+02:00 gitlab fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29735,21 +29735,21 @@ CVE-2020-13348 CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...) - gitlab-ci-multi-runner (Only affects gitlab-runner when configured on Windows) CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in GitLab v ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13341 RESERVED CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...) - gitlab 13.2.3-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273 
@@ -29759,13 +29759,13 @@ CVE-2020-13337 (An issue has been discovered in GitLab affecting versions from 1 CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...) - gitlab CVE-2020-13335 (Improper group membership validation when deleting a user account in G ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper autho ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-1 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13332 (Improper access expiration date validation in GitLab version =8.11 ...) - - gitlab + - gitlab 13.2.10-1 CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...) - gitlab 13.2.3-2 CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca1c1d8ff46a1391fa65a8e946d91ab8fd57 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca1c1d8ff46a1391fa65a8e946d91ab8fd57 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
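Review bot: CVE-2020-13345 and CVE-2020-13343 in the first hunk, and CVE-2020-13336 in the context of the second, stay as a bare "- gitlab" with no fixed version while the GitLab entries around them move to 13.2.10-1. If they are left open on purpose because 13.2.10 does not cover them, a NOTE on each saying so would save the next triager from re-checking. If they were overlooked, they belong in this commit.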
[Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1af5235a by Moritz Muehlenhoff at 2020-09-03T10:41:44+02:00 gitlab fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -25466,89 +25466,89 @@ CVE-2020-13319 RESERVED CVE-2020-13318 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13317 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13316 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13315 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13314 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13313 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13312 RESERVED CVE-2020-13311 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13310 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13309 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13308 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13307 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13306 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13305 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13304 
RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13303 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13302 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13301 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13300 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13299 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13298 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13297 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13296 RESERVED @@ -25576,14 +25576,14 @@ CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access co NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13289 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...) - gitlab (Only affects GitLab 13.0 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13287 RESERVED - - gitlab + - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13286 (For GitLab
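Review bot: every entry that gains 13.2.8-1 here (CVE-2020-13318 down to CVE-2020-13297 apart from CVE-2020-13312, plus CVE-2020-13289 and CVE-2020-13287) is RESERVED with no bracketed description and points at the same NOTE URL, so the list alone cannot tell one issue from another. A short bracketed title per entry, taken from the linked release announcement, would make the version assignments reviewable one by one.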
[Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5984c590 by Moritz Muehlenhoff at 2019-04-19T13:24:28Z gitlab fixed removed buster entry for simple-xml, pending removal - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1721,7 +1721,7 @@ CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Re NOT-FOR-US: Contao CVE-2019-10640 [DoS potential for regex in CI/CD refs] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10639 RESERVED @@ -2826,11 +2826,11 @@ CVE-2019-10117 [Recurity assessment: open redirect] NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10116 [Related branches visible in issues for guests] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10115 [Guest users of private projects have access to releases] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10114 [Recurity assessment: information exposure through timing discrepancy] RESERVED @@ -2838,7 +2838,7 @@ CVE-2019-10114 [Recurity assessment: information exposure through timing discrep NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10113 [DoS potential on project languages page] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10112 [Recurity assessment: loginState HMAC issues] RESERVED 
@@ -2846,15 +2846,15 @@ CVE-2019-10112 [Recurity assessment: loginState HMAC issues] NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10111 [Persistent XSS at merge request resolve conflicts] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10110 [Improper authorization control "move issue"] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10109 [EXIF geolocation data not stripped from uploaded images] RESERVED - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10108 [IDOR labels of private projects/groups] RESERVED @@ -69265,7 +69265,7 @@ CVE-2018-5158 (The PDF viewer does not sufficiently sanitize PostScript calculat {DSA-4199-1 DLA-1376-1} - firefox 60.0-1 - firefox-esr 52.8.0esr-1 - - gitlab (bug #926482) + - gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158 NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ 
@@ -84678,7 +84678,6 @@ CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script inj NOT-FOR-US: Opencast CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...) - simple-xml (low; bug #888547) - [buster] - simple-xml (Minor issue) [stretch] - simple-xml (Minor issue) [jessie] - simple-xml (Minor issue) [wheezy] - simple-xml (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5984c590595323c04f50474299f12c84fa5e03e7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5984c590595323c04f50474299f12c84fa5e03e7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
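Review bot: the last hunk (@@ -84678,7 +84678,6 @@) deletes the "[buster] - simple-xml (Minor issue)" line under CVE-2017-1000190, which is unrelated to the GitLab version updates in the other hunks. The commit message does mention it, but a separate commit would keep the GitLab change revertible on its own and make the simple-xml removal easy to find if the package is not removed from buster after all.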
[Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: da0dc38f by Moritz Muehlenhoff at 2019-01-03T08:56:11Z gitlab fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -754,7 +754,7 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5) CVE-2018-20507 [Missing authentication for Prometheus alert endpoint] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20506 RESERVED 
@@ -768,59 +768,59 @@ CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt NOT-FOR-US: Bento4 CVE-2018-20501 [Missing authorization control merge requests] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20500 [Improper access control CI/CD settings] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20499 [SSRF in project imports with LFS] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20498 [Improper access control branches and tags] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20497 [SSRF repository mirroring] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20496 [Persistent XSS label reference] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20495 [CI job token LFS error message disclosure] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20494 [Guest user CI job disclosure] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20493 [Source code disclosure merge request diff] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: 
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20492 [Todos improper access control] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20491 [Persistent XSS wiki in IE browser] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20490 [Persistent XSS Autocompletion] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20489 [URL rel attribute not set] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20488 [Secret CI variable exposure] RESERVED - - gitlab (bug #918086) + - gitlab 11.5.6+dfsg-1 (bug #918086) NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/ CVE-2018-20487 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da0dc38fdaa3f9522eb20b1404b6053dab84644e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da0dc38fdaa3f9522eb20b1404b6053dab84644e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net
[Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: dde530fd by Moritz Muehlenhoff at 2018-11-22T22:01:52Z gitlab fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -248,8 +248,7 @@ CVE-2018-19360 RESERVED CVE-2018-19359 [Unauthorized service template creation] RESERVED - [experimental] - gitlab 11.3.10+dfsg-1 - - gitlab (bug #914166) + - gitlab 11.3.10+dfsg-2 (bug #914166) NOTE: https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/ CVE-2018-19358 (GNOME Keyring through 3.28.2 allows local users to retrieve login ...) - gnome-keyring (bug #914154) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dde530fdfbd6746298893091f09333befa09379b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dde530fdfbd6746298893091f09333befa09379b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
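Review bot: in the CVE-2018-19359 hunk the "[experimental] - gitlab 11.3.10+dfsg-1" line is deleted in the same change that sets the unstable entry to 11.3.10+dfsg-2. After this the list no longer records that the earlier revision already carried the fix. If the line is dropped on purpose because the unstable version supersedes it, the commit message should say so. "gitlab fixed" alone does not explain the removal.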
[Git][security-tracker-team/security-tracker][master] gitlab fixed in experimental
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e54d28d by Moritz Muehlenhoff at 2018-11-16T13:32:44Z gitlab fixed in experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4610,11 +4610,13 @@ CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync NOT-FOR-US: Axon Evidence Sync CVE-2018-17537 [Persistent XSS package.json] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 10.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17536 [Persistent XSS merge request project import] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 10.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ 
@@ -4818,34 +4820,41 @@ CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404 CVE-2018-17455 [IDOR merge request approvals] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17454 [Persistent XSS on issue details] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 9.3 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17453 [GRPC::Unknown logging token disclosure] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 10.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17451 [Slack integration CSRF Oauth2] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 9.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17450 [SSRF GCP access token disclosure] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 10.2 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17449 [Confidential information disclosure in events API endpoint] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab [stretch] - gitlab (Only affects 9.3 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ 
@@ -9823,6 +9832,7 @@ CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formu NOTE: Dokuwiki non-issue CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs] RESERVED + [experimental] - gitlab 11.1.8+dfsg-1 - gitlab NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-15467 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e54d28d93064a97a76e63a2fa2e086a034334e1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e54d28d93064a97a76e63a2fa2e086a034334e1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
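Review bot: CVE-2018-17455 and CVE-2018-17452 in the second hunk and CVE-2018-15472 in the third get the new [experimental] line but have no [stretch] line, unlike the other entries touched here, which each carry a "(Only affects ... and later)" annotation for stretch. While these entries are being edited, it is worth either adding the stretch status for those three or a NOTE that it is still to be triaged.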
[Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6e877ea1 by Moritz Muehlenhoff at 2018-10-19T09:16:13Z gitlab fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -9465,23 +9465,23 @@ CVE-2018-14598 (An issue was discovered in XListExtensions in ListExt.c in libX1 [wheezy] - libx11 (Minor issue) NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/e83722768fd5c467ef61fa159e8c6278770b45c2 CVE-2018-14606 (An issue was discovered in GitLab Community and Enterprise Edition ...) - - gitlab + - gitlab 10.8.7+dfsg-1 [stretch] - gitlab (Only affects 10.6 and later) NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14605 (An issue was discovered in GitLab Community and Enterprise Edition ...) - - gitlab + - gitlab 10.8.7+dfsg-1 [stretch] - gitlab (Only affects 10.7 and later) NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14604 (An issue was discovered in GitLab Community and Enterprise Edition ...) - - gitlab + - gitlab 10.8.7+dfsg-1 [stretch] - gitlab (Only affects 10.7 and later) NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14603 (An issue was discovered in GitLab Community and Enterprise Edition ...) - - gitlab + - gitlab 10.8.7+dfsg-1 [stretch] - gitlab (Scheduled for removal in next point release) NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14602 (An issue was discovered in GitLab Community and Enterprise Edition ...) - - gitlab + - gitlab 10.8.7+dfsg-1 [stretch] - gitlab (Affects 9.0 and later only) NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/ CVE-2018-14601 (An issue was discovered in GitLab Community and Enterprise Edition ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e877ea16173603ba26aeaf20620807332ca3f6e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e877ea16173603ba26aeaf20620807332ca3f6e You're receiving this email because of your account on salsa.debian.org. 
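Review bot: the [stretch] annotations next to the changed lines are worded inconsistently: "(Only affects 10.6 and later)" and "(Only affects 10.7 and later)" for CVE-2018-14606 to CVE-2018-14604, but "(Affects 9.0 and later only)" for CVE-2018-14602. Since these entries are being touched anyway, aligning the last one to the "Only affects X and later" form would keep the file greppable.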