Date:      Tue, 5 Mar 2019 10:23:44 +0000 (UTC)
From:      Matthias Fechner <mfechner@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r494691 - head/security/vuxml
Message-ID:  <201903051023.x25ANiBa087530@repo.freebsd.org>

Author: mfechner
Date: Tue Mar  5 10:23:44 2019
New Revision: 494691
URL: https://svnweb.freebsd.org/changeset/ports/494691

Log:
  Documented several www/gitlab-ce security vulnerabilities.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Mar  5 10:06:37 2019	(r494690)
+++ head/security/vuxml/vuln.xml	Tue Mar  5 10:23:44 2019	(r494691)
@@ -58,6 +58,64 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="11292460-3f2f-11e9-adcb-001b217b3468">
+    <topic>Gitlab -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>gitlab-ce</name>
+	<range><ge>11.8.0</ge><lt>11.8.1</lt></range>
+	<range><ge>11.7.0</ge><lt>11.7.6</lt></range>
+	<range><ge>2.9.0</ge><lt>11.6.10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Gitlab reports:</p>
+	<blockquote cite="https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/">;
+	  <p>Arbitrary file read via MergeRequestDiff</p>
+	  <p>CSRF add Kubernetes cluster integration</p>
+	  <p>Blind SSRF in prometheus integration</p>
+	  <p>Merge request information disclosure</p>
+	  <p>IDOR milestone name information disclosure</p>
+	  <p>Burndown chart information disclosure</p>
+	  <p>Private merge request titles in public project information disclosure</p>
+	  <p>Private namespace disclosure in email notification when issue is moved</p>
+	  <p>Milestone name disclosure</p>
+	  <p>Issue board name disclosure</p>
+	  <p>NPM automatic package referencer</p>
+	  <p>Path traversal snippet mover</p>
+	  <p>Information disclosure repo existence</p>
+	  <p>Issue DoS via Mermaid</p>
+	  <p>Privilege escalation impersonate user</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/</url>;
+      <cvename>CVE-2019-9221</cvename>
+      <cvename>CVE-2019-9176</cvename>
+      <cvename>CVE-2019-9174</cvename>
+      <cvename>CVE-2019-9172</cvename>
+      <cvename>CVE-2019-9170</cvename>
+      <cvename>CVE-2019-9175</cvename>
+      <cvename>CVE-2019-9178</cvename>
+      <cvename>CVE-2019-9179</cvename>
+      <cvename>CVE-2019-9171</cvename>
+      <cvename>CVE-2019-9224</cvename>
+      <cvename>CVE-2019-9225</cvename>
+      <cvename>CVE-2019-9219</cvename>
+      <cvename>CVE-2019-9217</cvename>
+      <cvename>CVE-2019-9222</cvename>
+      <cvename>CVE-2019-9223</cvename>
+      <cvename>CVE-2019-9220</cvename>
+      <cvename>CVE-2019-9485</cvename>
+    </references>
+    <dates>
+      <discovery>2019-03-04</discovery>
+      <entry>2019-03-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a3e24de7-3f0c-11e9-87d1-00012e582166">
     <topic>py-gunicorn -- CWE-113 vulnerability</topic>
     <affects>
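Review bot: The `<references>` block lists 17 `<cvename>` entries while the `<blockquote>` lists 15 issues, so the entry does not show which CVE belongs to which item or whether an identifier was added by mistake; the list is worth checking against the upstream advisory before it is used for triage. The three `<range>` elements apply to every listed issue at once, with `<ge>2.9.0</ge>` as the oldest affected version. If upstream gives per-issue first-affected versions (not visible here), a comment such as `<!-- ranges are the union over all listed issues; see advisory for per-issue versions -->` above the ranges would tell operators why old installs are flagged. The `;` after some tags (for example on the `<url>` line) looks like an artifact of the mail-archive rendering rather than file content, since it also appears on the unchanged `<vuxml ...>` context line.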


