[Git][security-tracker-team/security-tracker][master] Add new gitlab issues

Salvatore Bonaccorso carnil at debian.org
Tue Jul 30 21:26:44 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc5f1ef3 by Salvatore Bonaccorso at 2019-07-30T20:26:12Z
Add new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24573,34 +24573,63 @@ CVE-2019-5476
 	RESERVED
 CVE-2019-5475
 	RESERVED
-CVE-2019-5474
+CVE-2019-5474 [Override Merge Request Approval Rules]
 	RESERVED
-CVE-2019-5473
+	- gitlab <not-affected> (Only affects Gitlab EE 11.8 and later)
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5473 [Email Verification Bypass]
 	RESERVED
-CVE-2019-5472
+	- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5472 [Denial Of Service Epic Comments]
 	RESERVED
-CVE-2019-5471
+	- gitlab <not-affected> (Only affects Gitlab EE 10.7 and later)
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5471 [Persistent XSS via Email]
 	RESERVED
-CVE-2019-5470
+	- gitlab <not-affected> (Only affects Gitlab EE 8.9 and later)
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5470 [Information Disclosure Vulnerability Feedback]
 	RESERVED
-CVE-2019-5469
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5469 [Arbitrary File Upload via Import Project Archive]
 	RESERVED
-CVE-2019-5468
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5468 [User Revokation Bypass with Mattermost Integration]
 	RESERVED
-CVE-2019-5467
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5467 [Persistent XSS Wiki Pages]
 	RESERVED
-CVE-2019-5466
+	[experimental] - gitlab <unfixed>
+	- gitlab <not-affected> (Only affects 11.10 and later)
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5466 [IDOR Label Name Enumeration]
 	RESERVED
-CVE-2019-5465
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5465 [Information Disclosure New Issue ID]
 	RESERVED
-CVE-2019-5464
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5464 [SSRF Mitigation Bypass]
 	RESERVED
-CVE-2019-5463
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5463 [Build Status Disclosure]
 	RESERVED
-CVE-2019-5462
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5462 [Trigger Token Impersonation]
 	RESERVED
-CVE-2019-5461
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
+CVE-2019-5461 [GitHub Integration SSRF]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
 CVE-2019-5460
 	RESERVED
 CVE-2019-5459



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc5f1ef380aab0af5593526de09afd35e5fbac2f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fc5f1ef380aab0af5593526de09afd35e5fbac2f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190730/f0218878/attachment.html>


More information about the debian-security-tracker-commits mailing list