Date: Wed, 28 Apr 2021 21:57:50 GMT From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 199adc301bbc - main - Document gitlab-ce vulnerabilities. Message-ID: <202104282157.13SLvoXq050645@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=199adc301bbcbef519f19845dbd3d4da5295c53e commit 199adc301bbcbef519f19845dbd3d4da5295c53e Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2021-04-28 21:03:44 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2021-04-28 21:57:39 +0000 Document gitlab-ce vulnerabilities. --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ccbd879d4857..9807c17b5fd0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="518a119c-a864-11eb-8ddb-001b217b3468"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>13.11.0</ge><lt>13.11.2</lt></range> + <range><ge>13.10.0</ge><lt>13.10.4</lt></range> + <range><ge>11.6.0</ge><lt>13.9.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/">; + <p>Read API scoped tokens can execute mutations</p> + <p>Pull mirror credentials were exposed</p> + <p>Denial of Service when querying repository branches API</p> + <p>Non-owners can set system_note_timestamp when creating / updating issues</p> + <p>DeployToken will impersonate a User with the same ID when using Dependency Proxy</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/releases/2021/04/28/security-release-gitlab-13-11-2-released/</url>; + <cvename>CVE-2021-22209</cvename> + <cvename>CVE-2021-22206</cvename> + <cvename>CVE-2021-22210</cvename> + <cvename>CVE-2021-22208</cvename> + <cvename>CVE-2021-22211</cvename> + </references> + <dates> + <discovery>2021-04-28</discovery> + <entry>2021-04-28</entry> + </dates> + </vuln> + <vuln vid="76a07f31-a860-11eb-8ddb-001b217b3468"> <topic>Carrierwave -- Multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104282157.13SLvoXq050645>