Debian Gitlab vulnerabilities

CVE-2013-4582 [MEDIUM] CVE-2013-4582: gitlab - The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project ... The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interfa

CVE-2013-4583 [HIGH] CVE-2013-4583: gitlab - The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Commun... The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. Scope: local sid: resolved

CVE-2013-7316 [MEDIUM] CVE-2013-7316: gitlab - Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before... Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html. Scope: local sid: resolved

CVE-2013-4546 [MEDIUM] CVE-2013-4546: gitlab - The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, a... The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. Scope: local sid: resolved

CVE-2013-4489 [MEDIUM] CVE-2013-4489: gitlab - The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, ... The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature. Scope: local sid: resolved