Date: Thu, 09 Apr 2026 04:35:02 +0000 From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 3577d03d12d7 - main - security/vuxml: document gitlab vulnerabilities Message-ID: <69d72c76.1fa94.150695bf@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=3577d03d12d77d49068a8d4dda511e85de119e5a commit 3577d03d12d77d49068a8d4dda511e85de119e5a Author: Matthias Fechner <mfechner@FreeBSD.org> AuthorDate: 2026-04-09 04:34:24 +0000 Commit: Matthias Fechner <mfechner@FreeBSD.org> CommitDate: 2026-04-09 04:35:00 +0000 security/vuxml: document gitlab vulnerabilities --- security/vuxml/vuln/2026.xml | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index de4d23275f9a..ca8d43f15088 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,54 @@ + <vuln vid="099d4998-33cc-11f1-a7d1-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> +<package> +<name>gitlab-ce</name> +<name>gitlab-ee</name> +<range><ge>18.10.0</ge><lt>18.10.3</lt></range> +<range><ge>18.9.0</ge><lt>18.9.5</lt></range> +<range><ge>11.3.0</ge><lt>18.8.9</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/">; + <p>Exposed Method issue in websocket connections impacts GitLab CE/EE</p> + <p>Denial of Service issue in Terraform state lock API impacts GitLab CE/EE</p> + <p>Denial of Service issue in GraphQL API impacts GitLab CE/EE</p> + <p>Denial of Service issue in CSV import impacts GitLab CE/EE</p> + <p>Denial of Service issue in GraphQL SBOM API impacts GitLab EE</p> + <p>Code Injection issue in Code Quality reports impacts GitLab EE</p> + <p>Cross-site Scripting issue in analytics dashboards impacts GitLab EE</p> + <p>Incorrect Authorization issue in vulnerability flags AI detection API impacts GitLab EE</p> + <p>Information Disclosure issue in certain GraphQl query impacts GitLab EE</p> + <p>Improper Access Control issue in Environments API impacts GitLab EE</p> + <p>Information Disclosure issue in CSV export impacts GitLab CE/EE</p> + <p>Missing Authorization issue in custom role permissions impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-5173</cvename> + <cvename>CVE-2026-1092</cvename> + <cvename>CVE-2025-12664</cvename> + <cvename>CVE-2026-1403</cvename> + <cvename>CVE-2026-1101</cvename> + <cvename>CVE-2026-1516</cvename> + <cvename>CVE-2026-4332</cvename> + <cvename>CVE-2026-2619</cvename> + <cvename>CVE-2025-9484</cvename> + <cvename>CVE-2026-1752</cvename> + <cvename>CVE-2026-2104</cvename> + <cvename>CVE-2026-4916</cvename> + <url>https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/</url>; + </references> + <dates> + <discovery>2026-04-08</discovery> + <entry>2026-04-09</entry> + </dates> + </vuln> + <vuln vid="c7a52cee-32ab-11f1-9839-8447094a420f"> <topic>OpenSSL -- Multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69d72c76.1fa94.150695bf>