[Git][security-tracker-team/security-tracker][master] gitlab fixed

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5984c590 by Moritz Muehlenhoff at 2019-04-19T13:24:28Z
gitlab fixed
removed buster entry for simple-xml, pending removal

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1721,7 +1721,7 @@ CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Re
 	NOT-FOR-US: Contao
 CVE-2019-10640 [DoS potential for regex in CI/CD refs]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10639
 	RESERVED
@@ -2826,11 +2826,11 @@ CVE-2019-10117 [Recurity assessment: open redirect]
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10116 [Related branches visible in issues for guests]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10115 [Guest users of private projects have access to releases]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10114 [Recurity assessment: information exposure through timing discrepancy]
 	RESERVED
@@ -2838,7 +2838,7 @@ CVE-2019-10114 [Recurity assessment: information exposure through timing discrep
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10113 [DoS potential on project languages page]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10112 [Recurity assessment: loginState HMAC issues]
 	RESERVED
@@ -2846,15 +2846,15 @@ CVE-2019-10112 [Recurity assessment: loginState HMAC issues]
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10111 [Persistent XSS at merge request resolve conflicts]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10110 [Improper authorization control "move issue"]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10109 [EXIF geolocation data not stripped from uploaded images]
 	RESERVED
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
 CVE-2019-10108 [IDOR labels of private projects/groups]
 	RESERVED
@@ -69265,7 +69265,7 @@ CVE-2018-5158 (The PDF viewer does not sufficiently sanitize PostScript calculat
 	{DSA-4199-1 DLA-1376-1}
 	- firefox 60.0-1
 	- firefox-esr 52.8.0esr-1
-	- gitlab <unfixed> (bug #926482)
+	- gitlab 11.8.6+dfsg-1 (bug #926482)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
 	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
@@ -84678,7 +84678,6 @@ CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script inj
 	NOT-FOR-US: Opencast
 CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
 	- simple-xml <unfixed> (low; bug #888547)
-	[buster] - simple-xml <ignored> (Minor issue)
 	[stretch] - simple-xml <ignored> (Minor issue)
 	[jessie] - simple-xml <no-dsa> (Minor issue)
 	[wheezy] - simple-xml <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5984c590595323c04f50474299f12c84fa5e03e7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5984c590595323c04f50474299f12c84fa5e03e7
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190419/e98a46d9/attachment.html>