Date: Fri, 3 Jan 2020 09:18:21 +0000 (UTC) From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r521915 - head/security/vuxml Message-ID: <202001030918.0039ILCa000693@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mfechner Date: Fri Jan 3 09:18:21 2020 New Revision: 521915 URL: https://svnweb.freebsd.org/changeset/ports/521915 Log: Document gitlab vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 3 09:16:33 2020 (r521914) +++ head/security/vuxml/vuln.xml Fri Jan 3 09:18:21 2020 (r521915) @@ -58,6 +58,48 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="01bde18a-2e09-11ea-a935-001b217b3468"> + <topic>Gitlab -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>12.6.0</ge><lt>12.6.2</lt></range> + <range><ge>12.5.0</ge><lt>12.5.6</lt></range> + <range><ge>5.1.0</ge><lt>12.4.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>SO-AND-SO reports:</p> + <blockquote cite="https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/"> + <p>Group Maintainers Can Update/Delete Group Runners Using API</p> + <p>GraphQL Queries Can Hang the Application</p> + <p>Unauthorized Users Have Access to Milestones of Releases</p> + <p>Private Group Name Revealed Through Protected Tags API</p> + <p>Users Can Publish Reviews on Locked Merge Requests</p> + <p>DoS in the Issue and Commit Comments Pages</p> + <p>Project Name Disclosed Through Unsubscribe Link</p> + <p>Private Project Name Disclosed Through Notification Settings</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/</url> + <cvename>CVE-2019-20144</cvename> + <cvename>CVE-2019-20146</cvename> + <cvename>CVE-2019-20143</cvename> + <cvename>CVE-2019-20147</cvename> + <cvename>CVE-2019-20145</cvename> + <cvename>CVE-2019-20142</cvename> + <cvename>CVE-2019-20148</cvename> + <cvename>CVE-2020-5197</cvename> + </references> + <dates> + <discovery>2020-01-02</discovery> + <entry>2020-01-03</entry> + </dates> + </vuln> + <vuln vid="66e4dc99-28b3-11ea-8dde-08002728f74c"> <topic>rack -- information leak / session hijack vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001030918.0039ILCa000693>