Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2ba02c19 by Salvatore Bonaccorso at 2020-03-14T13:54:40+01:00
Process some gitlab related CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1015,45 +1015,74 @@ CVE-2020-10094
CVE-2020-10093
RESERVED
CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting
vulnerab ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.1 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting
vulnerabi ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure.
Under certai ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when
using sever ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending
on part ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.5 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge
images were ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A
particular en ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A
particul ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.3.5 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure.
Sending a ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under
certain con ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.7 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial
of servi ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.2 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was
internally d ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It
was possib ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under
certain ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request
submission fo ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.1 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal
investigation re ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site
scripting v ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.1 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular
error h ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab 12.5 and later)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A
scenario wa ...)
- TODO: check
+ [experimental] - gitlab 12.6.8-1
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It
was inter ...)
- TODO: check
+ - gitlab <not-affected> (Only affects Gitlab EE)
+ NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10072
RESERVED
CVE-2020-10071
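Review bot: The <not-affected> reasons of the form "Only affects Gitlab 12.x and later" (CVE-2020-10092, -10088, -10085, -10082, -10078, -10076, -10075) do not account for the experimental upload that this same hunk records as gitlab 12.6.8-1, which is at or above the 12.1, 12.2, 12.3.5 and 12.5 starting points named in those reasons. If 12.6.8-1 carries the fixes, these entries should get the same "[experimental] - gitlab 12.6.8-1" line used for the other CVEs here, or the reason should state which suite's version is below the affected range. As a style point, the added reasons spell the product "Gitlab" while the CVE descriptions use "GitLab".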
@@ -5420,6 +5449,7 @@ CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has
Insecure Permission ..
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access
Control. ...)
+ [experimental] - gitlab 12.6.8-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1
through ...)
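Review bot: The added "[experimental] - gitlab 12.6.8-1" line for CVE-2020-8113 sits above an unchanged NOTE that points at the 12.8.2 release announcement, although the description gives the affected range as ending at 12.7.2 and the neighbouring CVE-2020-8114 references the 12.7.4 security release. It is worth confirming which upstream release fixed this CVE and correcting the NOTE if needed, so the fixed version recorded for experimental can be checked against the right announcement. CVE-2020-8114 in the same context keeps a bare "- gitlab <unfixed>" with no experimental line, which may deserve the same treatment or a reason for the difference.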
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba02c19a2d5e02c6e646fe22208d0d54e59cdf3