Date: Tue, 30 Jul 2019 15:11:58 +0000 (UTC) From: Matthias Fechner <mfechner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r507649 - head/security/vuxml Message-ID: <201907301511.x6UFBxEN056985@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mfechner Date: Tue Jul 30 15:11:58 2019 New Revision: 507649 URL: https://svnweb.freebsd.org/changeset/ports/507649 Log: Document www/gitlab-ce vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jul 30 15:06:50 2019 (r507648) +++ head/security/vuxml/vuln.xml Tue Jul 30 15:11:58 2019 (r507649) @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="1cd89254-b2db-11e9-8001-001b217b3468"> + <topic>Gitlab -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>12.1.0</ge><lt>12.1.2</lt></range> + <range><ge>12.0.0</ge><lt>12.0.4</lt></range> + <range><ge>8.9.0</ge><lt>11.11.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/"> + <p>GitHub Integration SSRF</p> + <p>Trigger Token Impersonation</p> + <p>Build Status Disclosure</p> + <p>SSRF Mitigation Bypass</p> + <p>Information Disclosure New Issue ID</p> + <p>IDOR Label Name Enumeration</p> + <p>Persistent XSS Wiki Pages</p> + <p>User Revokation Bypass with Mattermost Integration</p> + <p>Arbitrary File Upload via Import Project Archive</p> + <p>Information Disclosure Vulnerability Feedback</p> + <p>Persistent XSS via Email</p> + <p>Denial Of Service Epic Comments</p> + <p>Email Verification Bypass</p> + <p>Override Merge Request Approval Rules</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/</url> + </references> + <dates> + <discovery>2019-07-29</discovery> + <entry>2019-07-30</entry> + </dates> + </vuln> + <vuln vid="38d2df4d-b143-11e9-87e7-901b0e934d69"> <topic>py-matrix-synapse -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201907301511.x6UFBxEN056985>