[DRE-maint] Bug#934708: gitlab: CVE-2019-14942 CVE-2019-14944 (GitLab Critical Security Release: 12.1.6, 12.0.6, and 11.11.8)
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 13 19:58:51 BST 2019
Source: gitlab
Version: 11.8.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for gitlab, another round
of gitlab issues. Where this time only two CVE are affecting the
versions present in Debian.
CVE-2019-14942[0]:
Insecure Cookie Handling on GitLab Pages
CVE-2019-14944[1]:
Multiple Command-Line Flag Injection Vulnerabilities
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14942
[1] https://security-tracker.debian.org/tracker/CVE-2019-14944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14944
[2] https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
Regards,
Salvatore
More information about the Pkg-ruby-extras-maintainers
mailing list