[Git][security-tracker-team/security-tracker][master] Process some gitlab related CVEs

Salvatore Bonaccorso carnil at debian.org
Sat Mar 14 12:56:04 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ba02c19 by Salvatore Bonaccorso at 2020-03-14T13:54:40+01:00
Process some gitlab related CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1015,45 +1015,74 @@ CVE-2020-10094
 CVE-2020-10093
 	RESERVED
 CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.5 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were  ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.3.5 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.7 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.2 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab 12.5 and later)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
-	TODO: check
+	[experimental] - gitlab 12.6.8-1
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
-	TODO: check
+	- gitlab <not-affected> (Only affects Gitlab EE)
+	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10072
 	RESERVED
 CVE-2020-10071
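Review bot: The `<not-affected>` reasons for CVE-2020-10092, CVE-2020-10088, CVE-2020-10085, CVE-2020-10082, CVE-2020-10078, CVE-2020-10076 and CVE-2020-10075 cite a first affected release between 12.1 and 12.5. Other entries in this hunk record `[experimental] - gitlab 12.6.8-1`, and 12.6.x falls inside those ranges. If experimental carried an earlier 12.6.x upload, these entries would need the same `[experimental] - gitlab 12.6.8-1` line ahead of the `<not-affected>` line. Otherwise, naming the version the judgement was made against in the reason would make it checkable later. As a style point, the reasons spell the product "Gitlab" while the CVE descriptions use "GitLab".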
@@ -5420,6 +5449,7 @@ CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ..
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
 CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...)
+	[experimental] - gitlab 12.6.8-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
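Review bot: For CVE-2020-8113 the description ends the affected range at 12.7.2, but the added `[experimental] - gitlab 12.6.8-1` line and the existing NOTE both point at the 12.8.2 release cycle. Please confirm that 12.6.8-1 is the first experimental upload carrying this fix and not a later one than the upload that closed it. If the fix shipped with the earlier security release referenced in the CVE-2020-8114 NOTE just above, a second NOTE with that URL would make the entry self-explanatory.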



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba02c19a2d5e02c6e646fe22208d0d54e59cdf3
