From nobody Fri Jan 26 09:42:01 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TLt554PbTz581gY; Fri, 26 Jan 2024 09:42:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TLt553yXLz4qQZ; Fri, 26 Jan 2024 09:42:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706262121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3ofk/uIX66Qg4iaEWZmFiu0CQQ1tRssMhL7OXvkF5Kg=; b=EFgDJvre9qbJJm7YBigEdUyM1iLwWYbSooT3/2subERNANLIFv64EQjd4DB7el5vC1aY26 pVPDeAHBHP0bFPuVNHqI+pRfEm/Q2vOL97l/Xz8Yz+y7NEY80LeVnxwBAnUoOIhWcpzAnY a/szfejtWalZ83ekBxZcjzFaVFcRDcalogOlYtCVhAPWjdsE6OlvJPG2y026wqsMyclTMd moiPAh+FMF40RAs3UprEXy0CRwl8pJfWQKWj6xeAZnZY/Kj0dfCM9ZCZdgCjHTqJ6HxFSQ RueBcbSyYu773LLVKOCYpe4mXhKjN9I0zBUoiTSnVqwBHhyZOfqLgW+yRW0BoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1706262121; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3ofk/uIX66Qg4iaEWZmFiu0CQQ1tRssMhL7OXvkF5Kg=; b=Y0Ygd/IF2n5eXX2ErsKUKtEEo+A15HpmK9m1bnknnwAE5IATzGMAV9Ru1bObaK0a3IU4rt 17hUvwR8mUqjMCVGfrrwfryeQ9QdCHIc/Tg89kGbocybbNTC0bzpK+3iSC322oCp0dn3dW 7S+84/EUSDnpaQ0sbD1Dx9AdZyCy6NeyM8hA/uIEhV7u43k1Rlv1S/6lrVNxnRc0Cn+RxL tUphRAfm7NLBJSRxHdHMXmqkbqcmIezvfycAs9PKVakMy2enWxUVALGXqYvNfZ6BcR4HN6 62uZyfSH+xKAu2VpCBCj9OGqVcQ9dfLPP1wBmCxnkWvJLk9zK2zvTJQLOKefYQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1706262121; a=rsa-sha256; cv=none; b=gnQBOoccOeIcTxZiR0PufaA1Al7+p5cgQPhPqG4lC0hBYORmo2Inr+iPFQlRDYmgwA08cj 96RJhjQ8/PyPNyhCct4rIqSwi4uBa4Zb46J3CU89xIvFEcscv9bWNvLWWQ1AbsjGH+l0d6 rCfGc6qCppj4oTHmO04c7zH4j6Ydk+bcKuuoIe5HYPpzSSfYs6m2FaVBTFi52cj0/zWONd J3lDqkDBtLDkA6Rqsiw1WAfCaFAkqWvFfh9a1OCCQWdDK9GQ403hcbO/oaF8xmVFmnXVPM e9GABVROA5IjaJE3fAWFVjLPVHewgMwZMMei+CfPKNobr2Bl+PBzVHVX3Awcyw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TLt5533WSzcKy; Fri, 26 Jan 2024 09:42:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 40Q9g1p2036854; Fri, 26 Jan 2024 09:42:01 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 40Q9g1sC036851; Fri, 26 Jan 2024 09:42:01 GMT (envelope-from git) Date: Fri, 26 Jan 2024 09:42:01 GMT Message-Id: <202401260942.40Q9g1sC036851@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Matthias Fechner Subject: git: 708f3b2e6d15 - main - security/vuxml: document gitlab vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mfechner X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 708f3b2e6d1504d6d0ff999e4d1a875ec129ad34 Auto-Submitted: auto-generated The branch main has been updated by mfechner: URL: https://cgit.FreeBSD.org/ports/commit/?id=708f3b2e6d1504d6d0ff999e4d1a875ec129ad34 commit 708f3b2e6d1504d6d0ff999e4d1a875ec129ad34 Author: Matthias Fechner AuthorDate: 2024-01-26 09:41:32 +0000 Commit: Matthias Fechner CommitDate: 2024-01-26 09:41:32 +0000 security/vuxml: document gitlab vulnerabilities --- security/vuxml/vuln/2024.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 10cec0fd7dc3..a407178cf534 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,40 @@ + + Gitlab -- vulnerabilities + + + gitlab-ce + 16.8.016.8.1 + 16.7.016.7.4 + 16.6.016.6.6 + 12.7.016.5.8 + + + + +

Gitlab reports:

+
+

Arbitrary file write while creating workspace

+

ReDoS in Cargo.toml blob viewer

+

Arbitrary API PUT requests via HTML injection in user's name

+

Disclosure of the public email in Tags RSS Feed

+

Non-Member can update MR Assignees of owned MRs

+
+ +
+ + CVE-2024-0402 + CVE-2023-6159 + CVE-2023-5933 + CVE-2023-5612 + CVE-2024-0456 + https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/ + + + 2024-01-25 + 2024-01-26 + +
+ jenkins -- multiple vulnerabilities