Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAB8Fin8wpU8YZ6Zie=LTfdpJashiQTpRbj6x5kQH5yZpZ2n8Ow@mail.gmail.com>
Date: Thu, 14 Nov 2013 17:11:15 +0100
From: Jacob Vosmaer <jacob@...lab.com>
To: oss-security@...ts.openwall.com
Subject: Requesting four (4) CVE identifiers for GitLab

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

We have just released a new security advisory for GitLab at
http://blog.gitlab.org/multiple-critical-vulnerabilities-in-gitlab/,
concerning the following four vulnerabilities:

 - Unauthenticated API access to GitLab when using MySQL
 - Remote code execution vulnerability via Git SSH access in GitLab
 - Local file inclusion vulnerability in GitLab
 - Repository access privilege escalation vulnerability in GitLab

We would like to request four CVE identifiers for these issues.

Thanks to joernchen of http://www.phenoelit.org/ for reporting these issues
to us.

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJShPXnAAoJEB2vXw0YK62W0G0IAKUHfE/D4VtAo8Wf6tvv5d29
gvam1TXScSwId1U1mOQQi8Qm1+OlNffJ4fG30LXSD3/AHN5i/40e0F9jLLo4Q4U5
UVsNdKbRw/0c/g/2hPtXc9jer85lS9j6hJ5xlwj8QfRvcwyEIJSAuANR8zkupL6p
GtsTuiH8RMJWabI5ohxi11J3kDMHj9ILY1f3y9WFwDJaN6VViHfjW2yVy5QzW1gw
mFMJlNcQbPs6wssQ/4ogJZSXsEoxdpjeWhjDCnGFZSyEQXWfRdWIV9Epx7nAoomP
soFiTDgnyYSqI1J1viGhUCZn+y1rFyLEZvfelt028gh5o5IAutP3RMZyqIMWG9U=
=donG
-----END PGP SIGNATURE-----

Best regards,

Jacob Vosmaer
GitLab.com

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.