[Git][security-tracker-team/security-tracker][master] 2 commits: Add new gitlab issues

Salvatore Bonaccorso carnil at debian.org
Mon Jun 3 15:01:58 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7200def3 by Salvatore Bonaccorso at 2019-06-03T14:01:25Z
Add new gitlab issues

- - - - -
5af3ebbb by Salvatore Bonaccorso at 2019-06-03T14:01:39Z
Cleanup trailing whitespaces

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -308,18 +308,30 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. dae
 	[jessie] - gvfs <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
-CVE-2019-12446
+CVE-2019-12446 [Repository Password Disclosed on Import Error Page]
 	RESERVED
-CVE-2019-12445
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12445 [Stored Cross-Site Scripting on Notes]
 	RESERVED
-CVE-2019-12444
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12444 [Stored Cross-Site Scripting on Wiki Pages]
 	RESERVED
-CVE-2019-12443
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12443 [Server-Side Request Forgery Through DNS Rebinding]
 	RESERVED
-CVE-2019-12442
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12442 [Stored Cross-Site Scripting Vulnerability on Child Epics]
 	RESERVED
-CVE-2019-12441
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12441 [Protected Branches Restriction Rules Bypass]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...)
 	TODO: check
 CVE-2019-12438
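Review bot: all six new gitlab entries are recorded as `<unfixed>` with the same advisory NOTE, yet none captures the fixed upstream version even though the advisory URL itself names the 11.11.1 security release; a per-entry line such as `NOTE: Fixed upstream in 11.11.1` (plus whichever older-branch releases the advisory lists) would spare the later triager a lookup when closing these. Keeping the `RESERVED` line alongside the bracketed title is consistent with the surrounding entries, since MITRE has not published descriptions for these IDs yet.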
@@ -330,20 +342,34 @@ CVE-2019-12436
 	RESERVED
 CVE-2019-12435
 	RESERVED
-CVE-2019-12434
+CVE-2019-12434 [Private Project Discovery via Comment Links]
 	RESERVED
-CVE-2019-12433
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12433 [Internal Projects Allowed to Be Created on in Private Groups]
 	RESERVED
-CVE-2019-12432
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12432 [Confidential Issue Titles Revealed to Restricted Users on Unsubscribe]
 	RESERVED
-CVE-2019-12431
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12431 [Disclosure of Milestone Metadata through the Search API]
 	RESERVED
-CVE-2019-12430
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12430 [Remote Command Execution Vulnerability on Repository Download Feature]
 	RESERVED
-CVE-2019-12429
+	- gitlab <not-affected> (Only affects 11.11)
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12429 [Metadata of Confidential Issues Disclosed to Restricted Users]
 	RESERVED
-CVE-2019-12428
+	- gitlab <not-affected> (Only affects 11.9 and later)
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
+CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions Bypass]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12427
 	RESERVED
 CVE-2019-12426
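Review bot: the two `<not-affected>` entries (CVE-2019-12430 with `Only affects 11.11`, CVE-2019-12429 with `Only affects 11.9 and later`) depend on the gitlab version in Debian lying outside the affected range, but that version is not stated in the hunk; naming it in the parenthetical, e.g. `(Only affects 11.9 and later; Debian has <version>)`, makes the reasoning checkable and flags the entries for re-evaluation once gitlab is updated past 11.9. Minor: the title on CVE-2019-12433 reads "Created on in Private Groups", presumably "Created in Private Groups".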
@@ -11182,9 +11208,9 @@ CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL Injection via the API be
 CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
 	NOT-FOR-US: D-Link
 CVE-2019-8391 (qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?typ ...)
-	NOT-FOR-US: qdPM 
+	NOT-FOR-US: qdPM
 CVE-2019-8390 (qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keyword ...)
-	NOT-FOR-US: qdPM 
+	NOT-FOR-US: qdPM
 CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer feature ...)
 	NOT-FOR-US: Musicloud
 CVE-2019-8388
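Review bot: whitespace-only hunk, correctly isolated in its own commit (5af3ebbb) so the CVE content change in 7200def3 stays reviewable on its own; no further change needed.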



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8941f9fb8f2253805a6c6f8f041773fd4b8c65ff...5af3ebbb6daa08e3230d128142200f610b0f3096
