Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 01090cd0 by Salvatore Bonaccorso at 2019-11-28T06:25:11Z Add new gitlab issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -246,18 +246,30 @@ CVE-2019-19316 RESERVED CVE-2019-19315 RESERVED -CVE-2019-19314 +CVE-2019-19314 [Tokens stored in plaintext] RESERVED -CVE-2019-19313 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19313 [Denial of Service in the issue and commit comment pages] RESERVED -CVE-2019-19312 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19312 [Forked project information disclosed via Project API] RESERVED -CVE-2019-19311 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19311 [Stored XSS in Group and User profile fields] RESERVED -CVE-2019-19310 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19310 [Disclosure of AWS secret keys on certain Admin pages] RESERVED -CVE-2019-19309 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19309 [Private objects exposed through project import] RESERVED + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...) - haproxy 2.0.10-1 [stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8) @@ -388,26 +400,46 @@ CVE-2019-19265 RESERVED CVE-2019-19264 RESERVED -CVE-2019-19263 +CVE-2019-19263 [Tags pushes from blocked users] RESERVED -CVE-2019-19262 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19262 [Unauthorized access to grafana metrics] RESERVED -CVE-2019-19261 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19261 [DNS Rebind SSRF in various chat notifications] RESERVED -CVE-2019-19260 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19260 [Former project members able to access repository information] RESERVED -CVE-2019-19259 + - gitlab <unfixed> + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19259 [IDOR when adding users to protected environments] RESERVED -CVE-2019-19258 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19258 [Branches and Commits exposed to Guest members via integration] RESERVED -CVE-2019-19257 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19257 [Exposure of related branch names] RESERVED -CVE-2019-19256 + - gitlab <unfixed> + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19256 [Disclosure of vulnerability status in dependency list] RESERVED -CVE-2019-19255 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19255 [Todos created for former project members] RESERVED -CVE-2019-19254 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19254 [Disclosure of commit count in Cycle Analytics] RESERVED + - gitlab <unfixed> + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19253 RESERVED NOT-FOR-US: Apereo CAS @@ -763,12 +795,18 @@ CVE-2019-19090 RESERVED CVE-2019-19089 RESERVED -CVE-2019-19088 +CVE-2019-19088 [Path traversal with potential remote code execution] RESERVED -CVE-2019-19087 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19087 [Disclosure of comments via Elasticsearch integration] RESERVED -CVE-2019-19086 + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ +CVE-2019-19086 [Disclosure of notes via Elasticsearch integration] RESERVED + - gitlab <not-affected> (Only affects Gitlab EE) + NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...) NOT-FOR-US: Octopus Server CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01090cd04a49a9cd9f1a994544f8d2c9f6363248 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/01090cd04a49a9cd9f1a994544f8d2c9f6363248 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits