[Git][security-tracker-team/security-tracker][master] gitlab issues fixed in experimental

Salvatore Bonaccorso carnil at debian.org
Wed Jun 5 13:29:47 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eab6cbb0 by Salvatore Bonaccorso at 2019-06-05T12:28:57Z
gitlab issues fixed in experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -608,26 +608,32 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. dae
 	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
 CVE-2019-12446 [Repository Password Disclosed on Import Error Page]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12445 [Stored Cross-Site Scripting on Notes]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12444 [Stored Cross-Site Scripting on Wiki Pages]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12443 [Server-Side Request Forgery Through DNS Rebinding]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12442 [Stored Cross-Site Scripting Vulnerability on Child Epics]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12441 [Protected Branches Restriction Rules Bypass]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...)
@@ -642,18 +648,22 @@ CVE-2019-12435
 	RESERVED
 CVE-2019-12434 [Private Project Discovery via Comment Links]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12433 [Internal Projects Allowed to Be Created on in Private Groups]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12432 [Confidential Issue Titles Revealed to Restricted Users on Unsubscribe]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12431 [Disclosure of Milestone Metadata through the Search API]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12430 [Remote Command Execution Vulnerability on Repository Download Feature]
@@ -666,6 +676,7 @@ CVE-2019-12429 [Metadata of Confidential Issues Disclosed to Restricted Users]
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions Bypass]
 	RESERVED
+	[experimental] - gitlab 11.10.5+dfsg-1
 	- gitlab <unfixed> (bug #930004)
 	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
 CVE-2019-12427



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eab6cbb0d2ef6fbeaf664acfc6d28231e9f5e4d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eab6cbb0d2ef6fbeaf664acfc6d28231e9f5e4d4
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190605/18f88bd7/attachment.html>

More information about the debian-security-tracker-commits mailing list