From nobody Wed Feb 11 07:49:42 2026
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f9rDk70Srz6S8nq
	for <dev-commits-ports-all@mlmmj.nyi.freebsd.org>; Wed, 11 Feb 2026 07:49:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4f9rDk6PhXz3tt8
	for <dev-commits-ports-all@FreeBSD.org>; Wed, 11 Feb 2026 07:49:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1770796182;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=R+3dUJbcDtgX1MPhIEhzzMoyGRpdA9GFhnvgE27GIqc=;
	b=xFGF84nrZuH7ddJJ3kgv82dIWjP7M1ihu8eq2U3qzCAdP36ZohSqgKX8phXqrgkM9qQszN
	NPeYhGfMA5TxQATQmFi23vXuhpmh1oLhzl6zy/lgGq6IeFsHObpJAQvH006nvU0GICrHpz
	sv7n8lsEXTuTI6CtvokeLO0AI1SKIWHD3RMFIfXPYTD5QsMunsufRcBFtN1dplClARgIxc
	XkUDGONkpqjhJP4hUixZB5JWrwFsZs8NIZV/PTWwHb85kNConL6hqniuKJEWwBM1Q+I/0y
	ZhtJQUG543TEzv6AkYVVWXXY4o3d5WDyXsGH2cQAEqtj6FWONVfBkou99Yh3uw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1770796182; a=rsa-sha256; cv=none;
	b=FRrmGYyiGE369miodQ+HT32+HwJTOxmYZVxYj+AE7eXR+ebAX464Cw4b8gVTvOhbBfqYoC
	REpxj3oJfhBPLkrpZdLP/0cwyalvKLI6PPCBwz+cHMA1B4HjIGcqZombkIrtWD/Vl2Lz/l
	gOSWB3dE3QpvWgHiqlgdZ7hwh5wpI65lfvrwQsConUoOKsELPfm0p1iPUmFJim4ZtIMsg/
	2UqCHT+V2D/Al5mqWRBUAj8jSKJ6Dm+7SJ/Sf1308VgufvRy+PftqTdF8OAE5NICgSTXnf
	EHp5pTHU0LJVZHV/XP8FZw8BNmQkrVpGfAoW+NKQD4DYDrXrfNteXzMloqn0eQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1770796182;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=R+3dUJbcDtgX1MPhIEhzzMoyGRpdA9GFhnvgE27GIqc=;
	b=P6QzQWFnMjkRKVJMCwKKAXdv3I719ilO4lv39Fom9TXzNWeiUdvuI5JvPEXx9JVHcNa7xM
	mX4B035FciKPeGPnE8WYN6ybFY3WwNNEh9OB0cv3/5td7nEdezyqiflRdmA/MLnyPpYGvG
	obxPh+C4QjYjNHh3zfWf6FQK7XIXyp/Fbgi+7g10qT5tpobjAtMvCIQSpJJKdunUs2u+H4
	cRo3nR/IC0F0z42K4NJekTt9+cEs16Fjfy9vUuJxuifemGusPpwIW3g2lmW2Ru0QikH1wB
	IIRqAdnNcPZpwluC1d/XuEJzBnkl/1fnTWx1sC+Tz75il2g0+cTRb96Sx6w6TQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4f9rDk604ZzhLs
	for <dev-commits-ports-all@FreeBSD.org>; Wed, 11 Feb 2026 07:49:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 3d478
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Wed, 11 Feb 2026 07:49:42 +0000
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Matthias Fechner <mfechner@FreeBSD.org>
Subject: git: e8dbbbac7eac - main - security/vuxml: document Gitlab vulnerabilities
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mfechner
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: e8dbbbac7eacb6a4e30d91e571fdc5ae3ecec35f
Auto-Submitted: auto-generated
Date: Wed, 11 Feb 2026 07:49:42 +0000
Message-Id: <698c3496.3d478.1a6b0f33@gitrepo.freebsd.org>

The branch main has been updated by mfechner:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e8dbbbac7eacb6a4e30d91e571fdc5ae3ecec35f

commit e8dbbbac7eacb6a4e30d91e571fdc5ae3ecec35f
Author:     Matthias Fechner <mfechner@FreeBSD.org>
AuthorDate: 2026-02-11 07:46:32 +0000
Commit:     Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2026-02-11 07:46:32 +0000

    security/vuxml: document Gitlab vulnerabilities
---
 security/vuxml/vuln/2026.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 4340808b5599..64e1378fa597 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,60 @@
+  <vuln vid="9d9940e7-071c-11f1-93ca-2cf05da270f3">
+    <topic>Gitlab -- vulnerabilities</topic>
+    <affects>
+<package>
+<name>gitlab-ce</name>
+<name>gitlab-ee</name>
+<range><ge>18.8.0</ge><lt>18.8.4</lt></range>
+<range><ge>18.7.0</ge><lt>18.7.4</lt></range>
+<range><ge>8.0.0</ge><lt>18.6.6</lt></range>
+</package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Gitlab reports:</p>
+	<blockquote cite="https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/">
+	  <p>Incomplete Validation issue in Web IDE impacts GitLab CE/EE</p>
+	  <p>Denial of Service issue in GraphQL introspection impacts GitLab CE/EE</p>
+	  <p>Denial of Service issue in JSON validation middleware impacts GitLab CE/EE</p>
+	  <p>Cross-site Scripting issue in Code Flow impacts GitLab CE/EE</p>
+	  <p>HTML Injection issue in test case titles impacts GitLab CE/EE</p>
+	  <p>Denial of Service issue in Markdown processor impacts GitLab CE/EE</p>
+	  <p>Denial of Service issue in Markdown Preview impacts GitLab CE/EE</p>
+	  <p>Denial of Service issue in dashboard impacts GitLab EE</p>
+	  <p>Server-Side Request Forgery issue in Virtual Registry impacts GitLab EE</p>
+	  <p>Improper Validation issue in diff parser impacts GitLab CE/EE</p>
+	  <p>Server-Side Request Forgery issue in Git repository import impacts GitLab CE/EE</p>
+	  <p>Authorization Bypass issue in iterations API impacts GitLab EE</p>
+	  <p>Missing Authorization issue in GLQL API impacts GitLab CE/EE</p>
+	  <p>Stored HTML Injection issue in project label impacts GitLab CE/EE</p>
+	  <p>Authorization Bypass issue in Pipeline Schedules API impacts GitLab CE/EE</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-7659</cvename>
+      <cvename>CVE-2025-8099</cvename>
+      <cvename>CVE-2026-0958</cvename>
+      <cvename>CVE-2025-14560</cvename>
+      <cvename>CVE-2026-0595</cvename>
+      <cvename>CVE-2026-1458</cvename>
+      <cvename>CVE-2026-1456</cvename>
+      <cvename>CVE-2026-1387</cvename>
+      <cvename>CVE-2025-12575</cvename>
+      <cvename>CVE-2026-1094</cvename>
+      <cvename>CVE-2025-12073</cvename>
+      <cvename>CVE-2026-1080</cvename>
+      <cvename>CVE-2025-14592</cvename>
+      <cvename>CVE-2026-1282</cvename>
+      <cvename>CVE-2025-14594</cvename>
+      <url>https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/</url>
+    </references>
+    <dates>
+      <discovery>2026-02-10</discovery>
+      <entry>2026-02-11</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8d8012e5-0705-11f1-8148-bc241121aa0a">
     <topic>FreeBSD -- blocklistd(8) socket leak</topic>
     <affects>