Date: Thu, 31 Jan 2019 17:42:14 +0000 (UTC) From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r491741 - head/security/vuxml Message-ID: <201901311742.x0VHgEvF027679@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mfechner Date: Thu Jan 31 17:42:14 2019 New Revision: 491741 URL: https://svnweb.freebsd.org/changeset/ports/491741 Log: Documented multiple vulnerabilities for www/gitlab-ce. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jan 31 17:35:26 2019 (r491740) +++ head/security/vuxml/vuln.xml Thu Jan 31 17:42:14 2019 (r491741) @@ -58,6 +58,82 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="467b7cbe-257d-11e9-8573-001b217b3468"> + <topic>Gitlab -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>11.7.0</ge><lt>11.7.3</lt></range> + <range><ge>11.6.0</ge><lt>11.6.8</lt></range> + <range><ge>0.0.0</ge><lt>11.5.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/"> + <p>Remote Command Execution via GitLab Pages</p> + <p>Covert Redirect to Steal GitHub/Bitbucket Tokens</p> + <p>Remote Mirror Branches Leaked by Git Transfer Refs</p> + <p>Denial of Service with Markdown</p> + <p>Guests Can View List of Group Merge Requests</p> + <p>Guest Can View Merge Request Titles via System Notes</p> + <p>Persistent XSS via KaTeX</p> + <p>Emails Sent to Unauthorized Users</p> + <p>Hyperlink Injection in Notification Emails</p> + <p>Unauthorized Access to LFS Objects</p> + <p>Trigger Token Exposure</p> + <p>Upgrade Rails to 5.0.7.1 and 4.2.11</p> + <p>Contributed Project Information Visible in Private Profile</p> + <p>Imported Project Retains Prior Visibility Setting</p> + <p>Error disclosure on Project Import</p> + <p>Persistent XSS in User Status</p> + <p>Last Commit Status Leaked to Guest Users</p> + <p>Mitigations for IDN Homograph and RTLO Attacks</p> + <p>Access to Internal Wiki When External Wiki Enabled</p> + <p>User Can Comment on Locked Project Issues</p> + <p>Unauthorized Reaction Emojis by Guest Users</p> + <p>User Retains Project Role After Removal from Private Group</p> + <p>GitHub Token Leaked to Maintainers</p> + <p>Unauthenticated Blind SSRF in Jira Integration</p> + <p>Unauthorized Access to Group Membership</p> + <p>Validate SAML Response in Group SAML SSO</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/</url> + <cvename>CVE-2019-6783</cvename> + <cvename>CVE-2019-6788</cvename> + <cvename>CVE-2019-6785</cvename> + <cvename>CVE-2019-6790</cvename> + <cvename>CVE-2019-6997</cvename> + <cvename>CVE-2019-6784</cvename> + <cvename>CVE-2019-6789</cvename> + <cvename>CVE-2019-6781</cvename> + <cvename>CVE-2019-6786</cvename> + <cvename>CVE-2019-6787</cvename> + <cvename>CVE-2018-16476</cvename> + <cvename>CVE-2019-6782</cvename> + <cvename>CVE-2019-6791</cvename> + <cvename>CVE-2019-6792</cvename> + <cvename>CVE-2019-6796</cvename> + <cvename>CVE-2019-6794</cvename> + <cvename>CVE-2019-6795</cvename> + <cvename>CVE-2019-6960</cvename> + <cvename>CVE-2019-6995</cvename> + <cvename>CVE-2019-7176</cvename> + <cvename>CVE-2019-7155</cvename> + <cvename>CVE-2019-6797</cvename> + <cvename>CVE-2019-6793</cvename> + <cvename>CVE-2019-6996</cvename> + </references> + <dates> + <discovery>2019-01-31</discovery> + <entry>2019-01-31</entry> + </dates> + </vuln> + <vuln vid="181beef6-2482-11e9-b4a3-00155d006b02"> <topic>turnserver -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901311742.x0VHgEvF027679>