Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e529f42 by Salvatore Bonaccorso at 2019-09-09T06:55:02Z
Track new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -863,48 +863,100 @@ CVE-2019-15743
        RESERVED
 CVE-2019-15742
        RESERVED
-CVE-2019-15741
+CVE-2019-15741 [Privilege Escalation via Logrotate]
        RESERVED
-CVE-2019-15740
+       NOT-FOR-US: GitLab Omnibus
+CVE-2019-15740 [EXIF Geolocation Data Exposure]
        RESERVED
-CVE-2019-15739
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15739 [Stored XSS via Markdown]
        RESERVED
-CVE-2019-15738
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15738 [Disclosure of Merge Request IDs]
        RESERVED
-CVE-2019-15737
+       - gitlab <not-affected> (Only affects 12.0 and later)
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15737 [Weak Authentication In Certain Account Actions]
        RESERVED
-CVE-2019-15736
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15736 [Potential Denial of Service via CI Pipelines]
        RESERVED
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
 CVE-2019-15735
        RESERVED
-CVE-2019-15734
+CVE-2019-15734 [Disclosure of Commit Title and Comments]
        RESERVED
-CVE-2019-15733
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15733 [Default Branch Name Exposure]
        RESERVED
-CVE-2019-15732
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15732 [Project Visibility Restriction Bypass]
        RESERVED
-CVE-2019-15731
+       - gitlab <not-affected> (Only affects 12.2 and later)
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15731 [Merge Request Discussion Restriction Bypass]
        RESERVED
-CVE-2019-15730
+       - gitlab <not-affected> (Only affects 12.0 and later)
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15730 [Server-Side Request Forgery in Jira Integration]
        RESERVED
-CVE-2019-15729
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15729 [Pipeline Status Disclosure]
        RESERVED
-CVE-2019-15728
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15728 [Kubernetes Integration Server-Side Request Forgery]
        RESERVED
-CVE-2019-15727
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15727 [CI Metrics Disclosure]
        RESERVED
-CVE-2019-15726
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15726 [User IP Disclosed by Embedded Image and Media]
        RESERVED
-CVE-2019-15725
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15725 [IDOR in Epic Notes API]
        RESERVED
-CVE-2019-15724
+       - gitlab <not-affected> (only affects 12.0 and later)
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15724 [Label Description HTML Injection]
        RESERVED
-CVE-2019-15723
+       - gitlab <not-affected> (Only affects 11.10 and later)
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15723 [Push Rule Bypass]
        RESERVED
-CVE-2019-15722
+       - gitlab <not-affected> (Only affects versions 11.9.4-11.10.0)
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15722 [Markdown Clientside Resource Exhaustion]
        RESERVED
-CVE-2019-15721
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
+CVE-2019-15721 [Group Runner Authorization Issue]
        RESERVED
+       [experimental] - gitlab 12.0.8-1
+       - gitlab <unfixed>
+       NOTE: 
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
 CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation 
via a Pr ...)
        NOT-FOR-US: CloudBerry Backup
 CVE-2019-15719
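
Review bot: the three entries marked `- gitlab <not-affected>` with the reason "Only affects 12.0 and later" (CVE-2019-15738, CVE-2019-15731, CVE-2019-15725) carry no `[experimental]` line, although the other entries in this hunk record `[experimental] - gitlab 12.0.8-1`, a 12.0-series upload that falls inside the stated affected range. If that upload contains the fix, consider adding `[experimental] - gitlab 12.0.8-1` to those three as well, or state in the reason why experimental is left out. Minor style point: CVE-2019-15725 writes "(only affects 12.0 and later)" in lowercase where every other `<not-affected>` reason in the hunk starts with "Only".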



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1e529f4245c05c03a74fda522070cbd00a9294cd



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
