Date: Sat, 9 Jan 2021 20:06:20 +0000 (UTC)
From: Matthias Fechner <mfechner@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r560889 - head/security/vuxml
Message-ID: <202101092006.109K6K51062531@repo.freebsd.org>
Author: mfechner Date: Sat Jan 9 20:06:20 2021 New Revision: 560889 URL: https://svnweb.freebsd.org/changeset/ports/560889 Log: Document gitlab vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Jan 9 19:34:52 2021 (r560888) +++ head/security/vuxml/vuln.xml Sat Jan 9 20:06:20 2021 (r560889) 
@@ -58,6 +58,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a2a2b34d-52b4-11eb-87cb-001b217b3468"> + <topic>Gitlab -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>13.7.0</ge><lt>13.7.2</lt></range> + <range><ge>13.6.0</ge><lt>13.6.4</lt></range> + <range><ge>12.2</ge><lt>13.5.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/"> + <p>Ability to steal a user's API access token through GitLab Pages</p> + <p>Prometheus denial of service via HTTP request with custom method</p> + <p>Unauthorized user is able to access private repository information under specific conditions</p> + <p>Regular expression denial of service in NuGet API</p> + <p>Regular expression denial of service in package uploads</p> + <p>Update curl dependency</p> + <p>CVE-2019-3881 mitigation</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/</url> + <cvename>CVE-2021-22166</cvename> + <cvename>CVE-2020-26414</cvename> + <cvename>CVE-2019-3881</cvename> + </references> + <dates> + <discovery>2021-01-07</discovery> + <entry>2021-01-09</entry> + </dates> + </vuln> + <vuln vid="d153c4d2-50f8-11eb-8046-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
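Review bot: the references block of the new a2a2b34d-52b4-11eb-87cb-001b217b3468 entry carries three cvename elements (CVE-2021-22166, CVE-2020-26414, CVE-2019-3881), while the quoted advisory text lists seven items, so a reader cannot tell from the entry which of the listed issues the CVE ids cover. Please check the remaining items against the upstream release post and add any CVE ids that were assigned. The affects block names only gitlab-ce, and the comment directly above the hunk reminds committers not to forget port variants, so it is worth confirming that no other package name needs its own name element. The third range uses a two-component lower bound (12.2) where the other two use three components (13.7.0, 13.6.0); making that bound consistent would read more clearly. Minor style point: the topic spells the product "Gitlab" while the quoted text uses "GitLab".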