[Git][security-tracker-team/security-tracker][master] Add references for gitlab release from 2019/09/30 (Some CVEs assigned)

Salvatore Bonaccorso carnil at debian.org
Wed Jan 29 20:44:55 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
085a3ac9 by Salvatore Bonaccorso at 2020-01-29T21:43:42+01:00
Add references for gitlab release from 2019/09/30 (Some CVEs assigned)

Open question remains if actually gitlab might just be removed from the
archive at least in unstable. The current situation does not seem to
make much sense as issues never get fixed in unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29944,6 +29944,7 @@ CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and
 CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/497047
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager <= 2.1 ...)
 	NOT-FOR-US: Nexus Repository Manager
 CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...)
@@ -29951,33 +29952,45 @@ CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript
 	- ruby-loofah 2.3.1+dfsg-1 (bug #942894)
 	NOTE: https://github.com/flavorjones/loofah/issues/171
 CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.1)
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and &lt ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/670572
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...)
 	- gitlab <not-affected> (Only affects EE)
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...)
-	TODO: check
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/636560
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/633001
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, a ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/682442
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...)
 	NOT-FOR-US: Gesior-AAC
 CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...)
@@ -60357,6 +60370,7 @@ CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE <
 CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE <v12.3 ...)
 	- gitlab <unfixed>
 	NOTE: https://hackerone.com/reports/617896
+	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
 CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
 	NOT-FOR-US: node gitlabhook
 CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/085a3ac9c439d92b2654fe536177d5b4800dc6a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/085a3ac9c439d92b2654fe536177d5b4800dc6a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200129/3725d147/attachment.html>

More information about the debian-security-tracker-commits mailing list