[DRE-maint] Bug#928221: gitlab: CVE-2019-11544 CVE-2019-11546 CVE-2019-11547 CVE-2019-11548 CVE-2019-11549
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 30 06:37:26 BST 2019
Source: gitlab
Version: 11.8.6+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for gitlab.
CVE-2019-11544[0]:
Notification Emails Sent to Restricted Users
CVE-2019-11546[1]:
Merge Request Approval Count Inflation
CVE-2019-11547[2]:
Unsanitized Branch Names on New Merge Request Notification Emails
CVE-2019-11548[3]:
Unauthorized Comments on Confidential Issues
CVE-2019-11549[4]:
Improper Sanitation of Credentials in Gitaly
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-11544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11544
[1] https://security-tracker.debian.org/tracker/CVE-2019-11546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11546
[2] https://security-tracker.debian.org/tracker/CVE-2019-11547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11547
[3] https://security-tracker.debian.org/tracker/CVE-2019-11548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11548
[4] https://security-tracker.debian.org/tracker/CVE-2019-11549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11549
[5] https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
Regards,
Salvatore
More information about the Pkg-ruby-extras-maintainers
mailing list