Date: Mon, 4 Jun 2018 20:10:22 +0000 (UTC) From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r471724 - head/security/vuxml Message-ID: <201806042010.w54KAMtG035875@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mfechner Date: Mon Jun 4 20:10:22 2018 New Revision: 471724 URL: https://svnweb.freebsd.org/changeset/ports/471724 Log: Document new vulnerabilities in www/gitlab < 10.8.2 or < 10.7.5 or < 10.6.6. Reviewed by: tz (mentor) Approved by: tz (mentor) Differential Revision: https://reviews.freebsd.org/D15635 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Jun 4 18:54:00 2018 (r471723) +++ head/security/vuxml/vuln.xml Mon Jun 4 20:10:22 2018 (r471724) @@ -101,6 +101,39 @@ Notes: </dates> </vuln> + <vuln vid="9557dc72-64da-11e8-bc32-d8cb8abf62dd"> + <topic>Gitlab -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitlab</name> + <range><ge>10.8.0</ge><lt>10.8.2</lt></range> + <range><ge>10.7.0</ge><lt>10.7.5</lt></range> + <range><ge>1.0</ge><lt>10.6.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>GitLab reports:</p> + <blockquote cite="https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/">; + <p>Removing public deploy keys regression</p> + <p>Users can update their password without entering current password</p> + <p>Persistent XSS - Selecting users as allowed merge request approvers</p> + <p>Persistent XSS - Multiple locations of user selection drop downs</p> + <p>include directive in .gitlab-ci.yml allows SSRF requests</p> + <p>Permissions issue in Merge Requests Create Service</p> + <p>Arbitrary assignment of project fields using "Import project"</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/</url>; + </references> + <dates> + <discovery>2018-05-29</discovery> + <entry>2018-05-31</entry> + </dates> + </vuln> + <vuln vid="7fc3e827-64a5-11e8-aedb-00224d821998"> <topic>strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806042010.w54KAMtG035875>