author | Matthias Fechner <mfechner@FreeBSD.org> | 2025-01-08 19:07:15 +0000 |
---|---|---|
committer | Matthias Fechner <mfechner@FreeBSD.org> | 2025-01-08 19:07:47 +0000 |
commit | 6b9aff14373e0fea32f1ef24eca4a1e5b617315c (patch) | |
tree | b4db284dea41399ade0f14309ec2d8209f61f430 | |
parent | 2187243d7e8650516ac4185a57f06ac1c714debc (diff) |
security/vuxml: document gitlab vulnerabilities
-rw-r--r-- | security/vuxml/files/tidy.xsl | 1 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 2 | ||||
-rw-r--r-- | security/vuxml/vuln/2025.xml | 34 |
3 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/files/tidy.xsl b/security/vuxml/files/tidy.xsl
index 41f3532cf1e3..c890e51e0d72 100644
--- a/security/vuxml/files/tidy.xsl
+++ b/security/vuxml/files/tidy.xsl
@@ -47,6 +47,7 @@ result in more namespace declarations than we wish.
 <!ENTITY vuln-2022 SYSTEM "vuln/2022.xml">
 <!ENTITY vuln-2023 SYSTEM "vuln/2023.xml">
 <!ENTITY vuln-2024 SYSTEM "vuln/2024.xml">
+<!ENTITY vuln-2025 SYSTEM "vuln/2025.xml">
 ]>
 ]]></xsl:text>
 <xsl:apply-templates />
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 6fd3b10b8c3c..ba7314a9e226 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -22,6 +22,7 @@
 <!ENTITY vuln-2022 SYSTEM "vuln/2022.xml">
 <!ENTITY vuln-2023 SYSTEM "vuln/2023.xml">
 <!ENTITY vuln-2024 SYSTEM "vuln/2024.xml">
+<!ENTITY vuln-2025 SYSTEM "vuln/2025.xml">
 ]>
 <!--
 Copyright 2003-2024 Jacques Vidrine and contributors
@@ -80,6 +81,7 @@ Notes:
 * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+&vuln-2025;
 &vuln-2024;
 &vuln-2023;
 &vuln-2022;
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
new file mode 100644
index 000000000000..5588926228b8
--- /dev/null
+++ b/security/vuxml/vuln/2025.xml
@@ -0,0 +1,34 @@
+ <vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
+ <topic>Gitlab -- Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab-ce</name>
+ <name>gitlab-ee</name>
+ <range><ge>17.7.0</ge><lt>17.7.1</lt></range>
+ <range><ge>17.6.0</ge><lt>17.6.3</lt></range>
+ <range><ge>11.0.0</ge><lt>17.5.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gitlab reports:</p>
+ <blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
+ <p>Possible access token exposure in GitLab logs</p>
+ <p>Cyclic reference of epics leads resource exhaustion</p>
+ <p>Unauthorized user can manipulate status of issues in public projects</p>
+ <p>Instance SAML does not respect external_provider configuration</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-0194</cvename>
+ <cvename>CVE-2024-6324</cvename>
+ <cvename>CVE-2024-12431</cvename>
+ <cvename>CVE-2024-13041</cvename>
+ <url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
+ </references>
+ <dates>
+ <discovery>2025-01-08</discovery>
+ <entry>2025-01-08</entry>
+ </dates>
+ </vuln> |
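Review bot: The four `<cvename>` entries and the four quoted `<p>` items in the new `vuln/2025.xml` entry carry no mapping to each other or to the three `<range>` windows, so a reader cannot tell which CVE applies to which version window. All four sit under the single `<package>` block, whose widest range starts at `<ge>11.0.0</ge>`; if the upstream advisory gives narrower per-CVE windows (not visible here), `pkg audit` will report conservatively for some installs. A short comment above the ranges would make that explicit, for example `<!-- ranges are the union over all CVEs listed below; see the cited advisory for per-CVE windows -->`. For the access-token item, operators may also need to review existing logs after upgrading, since the version bump alone presumably does not remove tokens already written there.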