security/vuxml: document gitlab vulnerabilities

Matthias Fechner 2025-01-08 21:07:15 +02:00
parent 2187243d7e
commit 6b9aff1437
3 changed files with 37 additions and 0 deletions


@ -47,6 +47,7 @@ result in more namespace declarations than we wish.
<!ENTITY vuln-2022 SYSTEM "vuln/2022.xml"> <!ENTITY vuln-2022 SYSTEM "vuln/2022.xml">
<!ENTITY vuln-2023 SYSTEM "vuln/2023.xml"> <!ENTITY vuln-2023 SYSTEM "vuln/2023.xml">
<!ENTITY vuln-2024 SYSTEM "vuln/2024.xml"> <!ENTITY vuln-2024 SYSTEM "vuln/2024.xml">
<!ENTITY vuln-2025 SYSTEM "vuln/2025.xml">
]> ]>
]]></xsl:text> ]]></xsl:text>
<xsl:apply-templates /> <xsl:apply-templates />


@ -22,6 +22,7 @@
<!ENTITY vuln-2022 SYSTEM "vuln/2022.xml"> <!ENTITY vuln-2022 SYSTEM "vuln/2022.xml">
<!ENTITY vuln-2023 SYSTEM "vuln/2023.xml"> <!ENTITY vuln-2023 SYSTEM "vuln/2023.xml">
<!ENTITY vuln-2024 SYSTEM "vuln/2024.xml"> <!ENTITY vuln-2024 SYSTEM "vuln/2024.xml">
<!ENTITY vuln-2025 SYSTEM "vuln/2025.xml">
]> ]>
<!-- <!--
Copyright 2003-2024 Jacques Vidrine and contributors Copyright 2003-2024 Jacques Vidrine and contributors
@ -80,6 +81,7 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
--> -->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
&vuln-2025;
&vuln-2024; &vuln-2024;
&vuln-2023; &vuln-2023;
&vuln-2022; &vuln-2022;


@ -0,0 +1,34 @@
<vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
<p>Possible access token exposure in GitLab logs</p>
<p>Cyclic reference of epics leads resource exhaustion</p>
<p>Unauthorized user can manipulate status of issues in public projects</p>
<p>Instance SAML does not respect external_provider configuration</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2025-0194</cvename>
<cvename>CVE-2024-6324</cvename>
<cvename>CVE-2024-12431</cvename>
<cvename>CVE-2024-13041</cvename>
<url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
</references>
<dates>
<discovery>2025-01-08</discovery>
<entry>2025-01-08</entry>
</dates>
</vuln>
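Review bot: The single `<package>` block applies all three ranges to all four CVEs, and the `<ge>11.0.0</ge>` lower bound of the third range is not traceable to anything quoted in the entry, so it should be confirmed against the advisory's per-CVE affected versions. If that bound is deliberately the widest of the four, a comment above the range would record it, e.g. `<!-- lower bound is the earliest affected version across all four CVEs -->`. The `<topic>` is the line audit tooling typically shows to an administrator, and `Gitlab -- Vulnerabilities` gives no hint of impact; something like `<topic>Gitlab -- access token exposure in logs and other vulnerabilities</topic>` would make triage easier.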