Date: Thu, 14 Nov 2013 17:11:15 +0100
From: Jacob Vosmaer <jacob@...lab.com>
To: oss-security@...ts.openwall.com
Subject: Requesting four (4) CVE identifiers for GitLab

We have just released a new security advisory for GitLab at
http://blog.gitlab.org/multiple-critical-vulnerabilities-in-gitlab/,
concerning the following four vulnerabilities:

 - Unauthenticated API access to GitLab when using MySQL
 - Remote code execution vulnerability via Git SSH access in GitLab
 - Local file inclusion vulnerability in GitLab
 - Repository access privilege escalation vulnerability in GitLab

We would like to request four CVE identifiers for these issues.

Thanks to joernchen of http://www.phenoelit.org/ for reporting these issues
to us.

Best regards,

Jacob Vosmaer
GitLab.com
