[Git][security-tracker-team/security-tracker][master] gitlab fixed
Moritz Muehlenhoff
jmm at debian.org
Thu Jan 3 08:56:37 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da0dc38f by Moritz Muehlenhoff at 2019-01-03T08:56:11Z
gitlab fixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -754,7 +754,7 @@ CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The
NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
CVE-2018-20507 [Missing authentication for Prometheus alert endpoint]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20506
RESERVED
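Review bot: the fixed version now recorded for CVE-2018-20507, 11.5.6+dfsg-1, does not match the release named in the NOTE URL directly below it (security-release-gitlab-11-dot-6-dot-1-released), so the entry alone does not show why 11.5.6 counts as fixed. Consider adding a NOTE line that states which upstream release the Debian upload is based on and that it carries the fix for this issue.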
@@ -768,59 +768,59 @@ CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt
NOT-FOR-US: Bento4
CVE-2018-20501 [Missing authorization control merge requests]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20500 [Improper access control CI/CD settings]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20499 [SSRF in project imports with LFS]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20498 [Improper access control branches and tags]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20497 [SSRF repository mirroring]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20496 [Persistent XSS label reference]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20495 [CI job token LFS error message disclosure]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20494 [Guest user CI job disclosure]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20493 [Source code disclosure merge request diff]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20492 [Todos improper access control]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20491 [Persistent XSS wiki in IE browser]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20490 [Persistent XSS Autocompletion]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20489 [URL rel attribute not set]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20488 [Secret CI variable exposure]
RESERVED
- - gitlab <unfixed> (bug #918086)
+ - gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20487
RESERVED
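Review bot: the fourteen gitlab entries from CVE-2018-20501 down to CVE-2018-20488 are switched from <unfixed> to 11.5.6+dfsg-1 in one pass, while the commit message "gitlab fixed" records neither the version nor how per-CVE coverage was checked. Suggest naming the version and bug #918086 in the commit message, and confirming against the upload's changelog that each listed issue is addressed, since a wrong fixed version here would report a still-vulnerable package as resolved.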
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/da0dc38fdaa3f9522eb20b1404b6053dab84644e