diff options
| author | Matthias Fechner <mfechner@FreeBSD.org> | 2019-01-31 17:42:14 +0000 |
|---|---|---|
| committer | Matthias Fechner <mfechner@FreeBSD.org> | 2019-01-31 17:42:14 +0000 |
| commit | c04411c192b9964795156e43a0bd2d874c1c629f (patch) | |
| tree | 7f95c7ca55844f19ed1584b537cf966767ee1421 /security | |
| parent | 1af4347ebbbf5e4dbfed47108299f39113ea77f6 (diff) | |
| download | ports-c04411c192b9964795156e43a0bd2d874c1c629f.tar.gz ports-c04411c192b9964795156e43a0bd2d874c1c629f.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2d8350f03a96..c74377c5a998 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,82 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="467b7cbe-257d-11e9-8573-001b217b3468"> + <topic>Gitlab -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <range><ge>11.7.0</ge><lt>11.7.3</lt></range> + <range><ge>11.6.0</ge><lt>11.6.8</lt></range> + <range><ge>0.0.0</ge><lt>11.5.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/"> + <p>Remote Command Execution via GitLab Pages</p> + <p>Covert Redirect to Steal GitHub/Bitbucket Tokens</p> + <p>Remote Mirror Branches Leaked by Git Transfer Refs</p> + <p>Denial of Service with Markdown</p> + <p>Guests Can View List of Group Merge Requests</p> + <p>Guest Can View Merge Request Titles via System Notes</p> + <p>Persistent XSS via KaTeX</p> + <p>Emails Sent to Unauthorized Users</p> + <p>Hyperlink Injection in Notification Emails</p> + <p>Unauthorized Access to LFS Objects</p> + <p>Trigger Token Exposure</p> + <p>Upgrade Rails to 5.0.7.1 and 4.2.11</p> + <p>Contributed Project Information Visible in Private Profile</p> + <p>Imported Project Retains Prior Visibility Setting</p> + <p>Error disclosure on Project Import</p> + <p>Persistent XSS in User Status</p> + <p>Last Commit Status Leaked to Guest Users</p> + <p>Mitigations for IDN Homograph and RTLO Attacks</p> + <p>Access to Internal Wiki When External Wiki Enabled</p> + <p>User Can Comment on Locked Project Issues</p> + <p>Unauthorized Reaction Emojis by Guest Users</p> + <p>User Retains Project Role After Removal from Private Group</p> + <p>GitHub Token Leaked to Maintainers</p> + <p>Unauthenticated Blind SSRF in Jira Integration</p> + <p>Unauthorized Access to Group Membership</p> + <p>Validate SAML Response in Group SAML SSO</p> + </blockquote> + </body> + </description> + <references> + <url>https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/</url> + <cvename>CVE-2019-6783</cvename> + <cvename>CVE-2019-6788</cvename> + <cvename>CVE-2019-6785</cvename> + <cvename>CVE-2019-6790</cvename> + <cvename>CVE-2019-6997</cvename> + <cvename>CVE-2019-6784</cvename> + <cvename>CVE-2019-6789</cvename> + <cvename>CVE-2019-6781</cvename> + <cvename>CVE-2019-6786</cvename> + <cvename>CVE-2019-6787</cvename> + <cvename>CVE-2018-16476</cvename> + <cvename>CVE-2019-6782</cvename> + <cvename>CVE-2019-6791</cvename> + <cvename>CVE-2019-6792</cvename> + <cvename>CVE-2019-6796</cvename> + <cvename>CVE-2019-6794</cvename> + <cvename>CVE-2019-6795</cvename> + <cvename>CVE-2019-6960</cvename> + <cvename>CVE-2019-6995</cvename> + <cvename>CVE-2019-7176</cvename> + <cvename>CVE-2019-7155</cvename> + <cvename>CVE-2019-6797</cvename> + <cvename>CVE-2019-6793</cvename> + <cvename>CVE-2019-6996</cvename> + </references> + <dates> + <discovery>2019-01-31</discovery> + <entry>2019-01-31</entry> + </dates> + </vuln> + <vuln vid="181beef6-2482-11e9-b4a3-00155d006b02"> <topic>turnserver -- multiple vulnerabilities</topic> <affects> |