[Git][security-tracker-team/security-tracker][master] 2 commits: Fix listing of suites for CVE-2020-10954/gitlab

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9181ee71 by Salvatore Bonaccorso at 2020-04-09T22:22:37+02:00
Fix listing of suites for CVE-2020-10954/gitlab

- - - - -
903c1768 by Salvatore Bonaccorso at 2020-04-09T22:23:14+02:00
Track some gitlab issues from 2020-03-26 release

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1738,19 +1738,33 @@ CVE-2020-10983
 CVE-2020-10982
 	RESERVED
 CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when mov ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...)
-	TODO: check
+	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10974
 	RESERVED
 CVE-2020-10973
@@ -1817,8 +1831,8 @@ CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tamper
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...)
-	- gitlab <unfixed>
 	[experimental] - gitlab 12.8.8-1
+	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...)
 	- gitlab <not-affected> (Only affects GitLab EE 11.7 and later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e9249105b2c39b66773a8efdd1ee4ac002c42b76...903c1768efc441c8a2207e9872e44a2a06af785e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e9249105b2c39b66773a8efdd1ee4ac002c42b76...903c1768efc441c8a2207e9872e44a2a06af785e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200409/9491cf86/attachment.html>