Date: Wed, 11 Feb 2026 07:49:42 +0000 From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: e8dbbbac7eac - main - security/vuxml: document Gitlab vulnerabilities Message-ID: <698c3496.3d478.1a6b0f33@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=e8dbbbac7eacb6a4e30d91e571fdc5ae3ecec35f commit e8dbbbac7eacb6a4e30d91e571fdc5ae3ecec35f Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2026-02-11 07:46:32 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2026-02-11 07:46:32 +0000 security/vuxml: document Gitlab vulnerabilities --- security/vuxml/vuln/2026.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 4340808b5599..64e1378fa597 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,60 @@ + <vuln vid="9d9940e7-071c-11f1-93ca-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> +<package> +<name>gitlab-ce</name> +<name>gitlab-ee</name> +<range><ge>18.8.0</ge><lt>18.8.4</lt></range> +<range><ge>18.7.0</ge><lt>18.7.4</lt></range> +<range><ge>8.0.0</ge><lt>18.6.6</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/">; + <p>Incomplete Validation issue in Web IDE impacts GitLab CE/EE</p> + <p>Denial of Service issue in GraphQL introspection impacts GitLab CE/EE</p> + <p>Denial of Service issue in JSON validation middleware impacts GitLab CE/EE</p> + <p>Cross-site Scripting issue in Code Flow impacts GitLab CE/EE</p> + <p>HTML Injection issue in test case titles impacts GitLab CE/EE</p> + <p>Denial of Service issue in Markdown processor impacts GitLab CE/EE</p> + <p>Denial of Service issue in Markdown Preview impacts GitLab CE/EE</p> + <p>Denial of Service issue in dashboard impacts GitLab EE</p> + <p>Server-Side Request Forgery issue in Virtual Registry impacts GitLab EE</p> + <p>Improper Validation issue in diff parser impacts GitLab CE/EE</p> + <p>Server-Side Request Forgery issue in Git repository import impacts GitLab CE/EE</p> + <p>Authorization Bypass issue in iterations API impacts GitLab EE</p> + <p>Missing Authorization issue in GLQL API impacts GitLab CE/EE</p> + <p>Stored HTML Injection issue in project label impacts GitLab CE/EE</p> + <p>Authorization Bypass issue in Pipeline Schedules API impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-7659</cvename> + <cvename>CVE-2025-8099</cvename> + <cvename>CVE-2026-0958</cvename> + <cvename>CVE-2025-14560</cvename> + <cvename>CVE-2026-0595</cvename> + <cvename>CVE-2026-1458</cvename> + <cvename>CVE-2026-1456</cvename> + <cvename>CVE-2026-1387</cvename> + <cvename>CVE-2025-12575</cvename> + <cvename>CVE-2026-1094</cvename> + <cvename>CVE-2025-12073</cvename> + <cvename>CVE-2026-1080</cvename> + <cvename>CVE-2025-14592</cvename> + <cvename>CVE-2026-1282</cvename> + <cvename>CVE-2025-14594</cvename> + <url>https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/</url>; + </references> + <dates> + <discovery>2026-02-10</discovery> + <entry>2026-02-11</entry> + </dates> + </vuln> + <vuln vid="8d8012e5-0705-11f1-8148-bc241121aa0a"> <topic>FreeBSD -- blocklistd(8) socket leak</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?698c3496.3d478.1a6b0f33>