[Git][security-tracker-team/security-tracker][master] 3 commits: Track some fixed versions for gitlab after unstable upload
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 22 13:45:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
acd8d9da by Salvatore Bonaccorso at 2020-03-22T14:44:30+01:00
Track some fixed versions for gitlab after unstable upload
- - - - -
82254e4e by Salvatore Bonaccorso at 2020-03-22T14:44:43+01:00
Track some gitlab CVEs wich are affecting only the EE version
- - - - -
936dfe22 by Salvatore Bonaccorso at 2020-03-22T14:45:05+01:00
Remove unneeded unfixed status for experimental for CVE-2019-5467
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1590,26 +1590,26 @@ CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vu
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
- gitlab <not-affected> (Only affects Gitlab 12.5 and later)
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
- gitlab <not-affected> (Only affects Gitlab 12.3.5 and later)
@@ -1625,15 +1625,15 @@ CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
@@ -1649,7 +1649,7 @@ CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular e
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -6032,11 +6032,11 @@ CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version
CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
NOT-FOR-US: Revive Adserver
CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...)
[experimental] - gitlab 12.6.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
{DLA-2089-1}
@@ -6393,13 +6393,13 @@ CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...)
[experimental] - gitlab 12.6.7-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects Gitlab EE 11.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7970
RESERVED
@@ -6408,7 +6408,7 @@ CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclos
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...)
[experimental] - gitlab 12.6.7-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...)
- gitlab <not-affected> (ONly affects Gitlab EE 12.0 and later)
@@ -8993,10 +8993,10 @@ CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-base
CVE-2020-6834
RESERVED
CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects Gitlab EE 11.3 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects GitLab EE 8.9.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
- ganglia-web <unfixed> (unimportant; bug #948664)
@@ -12964,7 +12964,7 @@ CVE-2020-5198
RESERVED
CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10 ...)
NOT-FOR-US: Cerberus FTP Server Enterprise Edition
@@ -15716,23 +15716,23 @@ CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user inpu
NOTE: https://github.com/jonschlinkert/kind-of/pull/31
CVE-2019-20148 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20147 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20146 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20145 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20144 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
[experimental] - gitlab 12.6.2-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20143 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
- gitlab <not-affected> (Only affects Gitlab CE 12.6)
@@ -22919,7 +22919,7 @@ CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
[experimental] - gitlab 12.2.9-5
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
- gitlab-workhorse 8.8.1+debian-3
[buster] - gitlab-workhorse <ignored> (Minor issue)
[stretch] - gitlab-workhorse <ignored> (Minor issue)
@@ -22934,7 +22934,7 @@ CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has I
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...)
[experimental] - gitlab 12.2.9-5
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorre ...)
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -22944,7 +22944,7 @@ CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has I
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and lat ...)
[experimental] - gitlab 12.2.9-5
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19253
RESERVED
@@ -27400,74 +27400,74 @@ CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 be
NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18463 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18462 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18461 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18460 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18459 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18458 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18457 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18456 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18455 (An issue was discovered in GitLab Community and Enterprise Edition 11 ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18454 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18453 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18452 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18451 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18450 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18449 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18448 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18447 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18446 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.2.9-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18445
RESERVED
@@ -34493,7 +34493,7 @@ CVE-2019-16171 (In JetBrains YouTrack through 2019.2.56594, stored XSS was found
NOT-FOR-US: JetBrains YouTrack
CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and 12.x bef ...)
[experimental] - gitlab 12.0.9-1
- - gitlab <unfixed> (bug #940007)
+ - gitlab 12.6.8-3 (bug #940007)
NOTE: https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/
CVE-2019-16169
RESERVED
@@ -35626,32 +35626,32 @@ CVE-2019-15741 (An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An
NOT-FOR-US: GitLab Omnibus
CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise Edition 7.9 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15739 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15738 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
- gitlab <not-affected> (Only affects 12.0 and later)
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15737 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15736 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15735
RESERVED
CVE-2019-15734 (An issue was discovered in GitLab Community and Enterprise Edition 8.6 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15733 (An issue was discovered in GitLab Community and Enterprise Edition 7.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15732 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
- gitlab <not-affected> (Only affects 12.2 and later)
@@ -35661,23 +35661,23 @@ CVE-2019-15731 (An issue was discovered in GitLab Community and Enterprise Editi
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15729 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15728 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15727 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15726 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15725 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
- gitlab <not-affected> (only affects 12.0 and later)
@@ -35690,11 +35690,11 @@ CVE-2019-15723 (An issue was discovered in GitLab Community and Enterprise Editi
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15722 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
NOT-FOR-US: CloudBerry Backup
@@ -36171,18 +36171,18 @@ CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that all
NOTE: https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/557154
NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b
CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows ...)
[experimental] - gitlab 12.0.8-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...)
- gitlab <unfixed>
NOTE: https://hackerone.com/reports/676976
CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and < 1 ...)
- - gitlab <unfixed>
+ - gitlab <not-affected> (Only affects GitLab EE 11.5 and later)
NOTE: https://hackerone.com/reports/701144
NOTE: https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/
CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...)
@@ -36199,40 +36199,40 @@ CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin.
- gitlab <not-affected> (Only affects Gitlab 12.1)
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/670572
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...)
- gitlab <not-affected> (Only affects EE)
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/636560
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/633001
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, a ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/682442
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...)
@@ -38256,7 +38256,7 @@ CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS.
CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities]
RESERVED
[experimental] - gitlab 11.11.8+dfsg-1
- - gitlab <unfixed> (bug #934708)
+ - gitlab 12.6.8-3 (bug #934708)
NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
- gitlab <not-affected> (Only affects GitLab CE/EE 12.0 and later)
@@ -38264,7 +38264,7 @@ CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise Editi
CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
RESERVED
[experimental] - gitlab 11.11.8+dfsg-1
- - gitlab <unfixed> (bug #934708)
+ - gitlab 12.6.8-3 (bug #934708)
NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14941
RESERVED
@@ -45190,7 +45190,7 @@ CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the templat
NOT-FOR-US: Patchwork
CVE-2019-13121 (An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 lacks length checking in pr ...)
NOT-FOR-US: Amazon FreeRTOS
@@ -45514,15 +45514,15 @@ CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2 have a local privilege esc
NOT-FOR-US: Little Snitch
CVE-2019-13011 (An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13010 (An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0. ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13009 (An issue was discovered in GitLab Community and Enterprise Edition 9.2 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13008
RESERVED
@@ -45531,7 +45531,7 @@ CVE-2019-13007 (An issue was discovered in GitLab Community and Enterprise Editi
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13006 (An issue was discovered in GitLab Community and Enterprise Edition 9.0 ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13005 (An issue was discovered in GitLab Enterprise Edition and Community Edi ...)
[experimental] - gitlab 11.10.8+dfsg-1
@@ -45542,7 +45542,7 @@ CVE-2019-13004 (An issue was discovered in GitLab Community and Enterprise Editi
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13003 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
[experimental] - gitlab 11.10.8+dfsg-1
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13002 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 11.10.8+dfsg-1
@@ -47043,27 +47043,27 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. dae
NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
CVE-2019-12446 (An issue was discovered in GitLab Community and Enterprise Edition 8.3 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12445 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12444 (An issue was discovered in GitLab Community and Enterprise Edition 8.9 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12443 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12442 (An issue was discovered in GitLab Enterprise Edition 11.7 through 11.1 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12441 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...)
NOT-FOR-US: Sitecore CMS
@@ -47081,19 +47081,19 @@ CVE-2019-12435 (Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL poi
NOTE: https://www.samba.org/samba/security/CVE-2019-12435.html
CVE-2019-12434 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12433 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12432 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12431 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12430 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
- gitlab <not-affected> (Only affects 11.11)
@@ -47103,7 +47103,7 @@ CVE-2019-12429 (An issue was discovered in GitLab Community and Enterprise Editi
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12428 (An issue was discovered in GitLab Community and Enterprise Edition 6.8 ...)
[experimental] - gitlab 11.10.5+dfsg-1
- - gitlab <unfixed> (bug #930004)
+ - gitlab 12.6.8-3 (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-pers ...)
NOT-FOR-US: Zimbra Collaboration
@@ -66877,7 +66877,7 @@ CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE <
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://hackerone.com/reports/692252
CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE <v12.3 ...)
- - gitlab <unfixed>
+ - gitlab 12.6.8-3
NOTE: https://hackerone.com/reports/617896
NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
@@ -66936,43 +66936,42 @@ CVE-2019-5471 (An input validation and output encoding issue was discovered in t
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5470 (An information disclosure issue was discovered GitLab versions < 12 ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5469 (An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and & ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions < 1 ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5467 (An input validation and output encoding issue was discovered in the Gi ...)
- [experimental] - gitlab <unfixed>
- gitlab <not-affected> (Only affects 11.10 and later)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE 8.14 an ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badge ima ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5461 (An input validation problem was discovered in the GitHub service integ ...)
[experimental] - gitlab 11.11.7+dfsg-1
- - gitlab <unfixed> (bug #933785)
+ - gitlab 12.6.8-3 (bug #933785)
NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5460 (Double Free in VLC versions <= 3.0.6 leads to a crash. ...)
{DSA-4459-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc0d0357d0ece91f4de4404d631d3b9dcacfe40f...936dfe220c9b5d7aa41913af15eaecf3c24dba19
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc0d0357d0ece91f4de4404d631d3b9dcacfe40f...936dfe220c9b5d7aa41913af15eaecf3c24dba19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200322/88686549/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list