Date: Fri, 30 Aug 2019 05:45:24 +0000 (UTC)
From: Matthias Fechner <mfechner@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r510237 - head/security/vuxml
Message-ID: <201908300545.x7U5jOwO060515@repo.freebsd.org>
Author: mfechner
Date: Fri Aug 30 05:45:24 2019
New Revision: 510237
URL: https://svnweb.freebsd.org/changeset/ports/510237

Log:
  Document www/gitlab-ce vulnerabilities.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Aug 30 05:20:44 2019 (r510236)
+++ head/security/vuxml/vuln.xml Fri Aug 30 05:45:24 2019 (r510237)
@@ -58,6 +58,74 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b68cc195-cae7-11e9-86e9-001b217b3468"> + <topic>Gitlab -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>12.2.0</ge><lt>12.2.3</lt></range> + <range><ge>12.1.0</ge><lt>12.1.8</lt></range> + <range><ge>0.0.0</ge><lt>12.0.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"> + <p>Kubernetes Integration Server-Side Request Forgery</p> + <p>Server-Side Request Forgery in Jira Integration</p> + <p>Improved Protection Against Credential Stuffing Attacks</p> + <p>Markdown Clientside Resource Exhaustion</p> + <p>Pipeline Status Disclosure</p> + <p>Group Runner Authorization Issue</p> + <p>CI Metrics Disclosure</p> + <p>User IP Disclosed by Embedded Image and Media</p> + <p>Label Description HTML Injection</p> + <p>IDOR in Epic Notes API</p> + <p>Push Rule Bypass</p> + <p>Project Visibility Restriction Bypass</p> + <p>Merge Request Discussion Restriction Bypass</p> + <p>Disclosure of Merge Request IDs</p> + <p>Weak Authentication In Certain Account Actions</p> + <p>Disclosure of Commit Title and Comments</p> + <p>Stored XSS via Markdown</p> + <p>EXIF Geolocation Data Exposure</p> + <p>Multiple SSRF Regressions on Gitaly</p> + <p>Default Branch Name Exposure</p> + <p>Potential Denial of Service via CI Pipelines</p> + <p>Privilege Escalation via Logrotate</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/</url> + <cvename>CVE-2019-15728</cvename> + <cvename>CVE-2019-15730</cvename> + <cvename>CVE-2019-15722</cvename> + <cvename>CVE-2019-15729</cvename> + <cvename>CVE-2019-15721</cvename> + 
<cvename>CVE-2019-15727</cvename> + <cvename>CVE-2019-15726</cvename> + <cvename>CVE-2019-15724</cvename> + <cvename>CVE-2019-15725</cvename> + <cvename>CVE-2019-15723</cvename> + <cvename>CVE-2019-15732</cvename> + <cvename>CVE-2019-15731</cvename> + <cvename>CVE-2019-15738</cvename> + <cvename>CVE-2019-15737</cvename> + <cvename>CVE-2019-15734</cvename> + <cvename>CVE-2019-15739</cvename> + <cvename>CVE-2019-15740</cvename> + <cvename>CVE-2019-15733</cvename> + <cvename>CVE-2019-15736</cvename> + <cvename>CVE-2019-15741</cvename> + </references> + <dates> + <discovery>2019-08-29</discovery> + <entry>2019-08-30</entry> + </dates> + </vuln> + <vuln vid="ed8d5535-ca78-11e9-980b-999ff59c22ea"> <topic>RDoc -- multiple jQuery vulnerabilities</topic> <affects>
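Review bot: In `<references>`, the 22 issue titles quoted in the blockquote are matched by only 20 `<cvename>` entries, and the listed IDs cover CVE-2019-15721 through CVE-2019-15741 with CVE-2019-15735 as the only gap in that run. Please check against the cited GitLab release post whether that ID was left out on purpose or dropped by mistake, and which of the titles have no CVE assigned. In `<affects>`, only `gitlab-ce` is named; given the file's own reminder "Do not forget port variants", confirm that no other GitLab package name in the tree needs the same three ranges.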