Date: Tue, 1 Jun 2021 22:37:43 GMT
From: Matthias Fechner <mfechner@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: ddf691df64ce - main - security/vuxml: Document gitlab vulnerabilities.
Message-ID: <202106012237.151Mbhdk016713@gitrepo.freebsd.org>
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=ddf691df64ce12d2b147348bb3055eaa0235d426 commit ddf691df64ce12d2b147348bb3055eaa0235d426 Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2021-06-01 21:27:10 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2021-06-01 22:37:21 +0000 security/vuxml: Document gitlab vulnerabilities. --- security/vuxml/vuln.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c65356edacb9..9f5b59c17c1b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -76,6 +76,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="5f52d646-c31f-11eb-8dcf-001b217b3468"> + <topic>Gitlab -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>13.12.0</ge><lt>13.12.2</lt></range> + <range><ge>13.11.0</ge><lt>13.11.5</lt></range> + <range><ge>7.10.0</ge><lt>13.10.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/"> + <p>Stealing GitLab OAuth access tokens using XSLeaks in Safari</p> + <p>Denial of service through recursive triggered pipelines</p> + <p>Unauthenticated CI lint API may lead to information disclosure and SSRF</p> + <p>Server-side DoS through rendering crafted Markdown documents</p> + <p>Issue and merge request length limit is not being enforced</p> + <p>Insufficient Expired Password Validation</p> + <p>XSS in blob viewer of notebooks</p> + <p>Logging of Sensitive Information</p> + <p>On-call rotation information exposed when removing a member</p> + <p>Spoofing commit author for signed commits</p> + <p>Enable qsh verification for Atlassian Connect</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-22181</cvename> + <url>https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/</url> + </references> + <dates> + <discovery>2021-06-01</discovery> + <entry>2021-06-01</entry> + </dates> + </vuln> + <vuln vid="8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c"> <topic>redis -- integer overflow</topic> <affects>
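Review bot: the <references> block of the new <vuln vid="5f52d646-c31f-11eb-8dcf-001b217b3468"> entry carries a single <cvename>CVE-2021-22181</cvename> although the quoted advisory lists eleven distinct issues; if the GitLab release post assigns CVE identifiers to the other items, each should be added as its own <cvename> so that `pkg audit` users and downstream scanners can match on them, and if it does not, a short note in the commit message saying that only one CVE had been assigned at entry time would save the next reader from checking. The version ranges look consistent with the advisory's three fixed releases (13.12.2, 13.11.5, 13.10.5), and the 7.10.0 lower bound on the oldest range is the usual VuXML convention for "all earlier releases"; the entry is correctly placed at the top of the file ahead of the existing redis entry.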