Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
01090cd0 by Salvatore Bonaccorso at 2019-11-28T06:25:11Z
Add new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -246,18 +246,30 @@ CVE-2019-19316
RESERVED
CVE-2019-19315
RESERVED
-CVE-2019-19314
+CVE-2019-19314 [Tokens stored in plaintext]
RESERVED
-CVE-2019-19313
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19313 [Denial of Service in the issue and commit comment pages]
RESERVED
-CVE-2019-19312
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19312 [Forked project information disclosed via Project API]
RESERVED
-CVE-2019-19311
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19311 [Stored XSS in Group and User profile fields]
RESERVED
-CVE-2019-19310
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19310 [Disclosure of AWS secret keys on certain Admin pages]
RESERVED
-CVE-2019-19309
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19309 [Private objects exposed through project import]
RESERVED
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles
headers, ...)
- haproxy 2.0.10-1
[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
@@ -388,26 +400,46 @@ CVE-2019-19265
RESERVED
CVE-2019-19264
RESERVED
-CVE-2019-19263
+CVE-2019-19263 [Tags pushes from blocked users]
RESERVED
-CVE-2019-19262
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19262 [Unauthorized access to grafana metrics]
RESERVED
-CVE-2019-19261
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19261 [DNS Rebind SSRF in various chat notifications]
RESERVED
-CVE-2019-19260
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19260 [Former project members able to access repository information]
RESERVED
-CVE-2019-19259
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19259 [IDOR when adding users to protected environments]
RESERVED
-CVE-2019-19258
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19258 [Branches and Commits exposed to Guest members via integration]
RESERVED
-CVE-2019-19257
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19257 [Exposure of related branch names]
RESERVED
-CVE-2019-19256
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19256 [Disclosure of vulnerability status in dependency list]
RESERVED
-CVE-2019-19255
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19255 [Todos created for former project members]
RESERVED
-CVE-2019-19254
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19254 [Disclosure of commit count in Cycle Analytics]
RESERVED
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19253
RESERVED
NOT-FOR-US: Apereo CAS
@@ -763,12 +795,18 @@ CVE-2019-19090
RESERVED
CVE-2019-19089
RESERVED
-CVE-2019-19088
+CVE-2019-19088 [Path traversal with potential remote code execution]
RESERVED
-CVE-2019-19087
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19087 [Disclosure of comments via Elasticsearch integration]
RESERVED
-CVE-2019-19086
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
+CVE-2019-19086 [Disclosure of notes via Elasticsearch integration]
RESERVED
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in
Octopus Serve ...)
NOT-FOR-US: Octopus Server
CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated
user with ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/01090cd04a49a9cd9f1a994544f8d2c9f6363248
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/01090cd04a49a9cd9f1a994544f8d2c9f6363248
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
