Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cdb50af9 by Salvatore Bonaccorso at 2018-10-02T06:09:13Z
Add new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -651,10 +651,14 @@ CVE-2018-17539
RESERVED
CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence
Sync ...)
NOT-FOR-US: Axon Evidence Sync
-CVE-2018-17537
+CVE-2018-17537 [Persistent XSS package.json]
RESERVED
-CVE-2018-17536
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17536 [Persistent XSS merge request project import]
RESERVED
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17535
RESERVED
CVE-2018-17534
@@ -811,20 +815,34 @@ CVE-2018-17457
RESERVED
CVE-2018-17456
RESERVED
-CVE-2018-17455
+CVE-2018-17455 [IDOR merge request approvals]
RESERVED
-CVE-2018-17454
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17454 [Persistent XSS on issue details]
RESERVED
-CVE-2018-17453
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17453 [GRPC::Unknown logging token disclosure]
RESERVED
-CVE-2018-17452
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17452 [validate_localhost function in url_blocker.rb could be
bypassed]
RESERVED
-CVE-2018-17451
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17451 [Slack integration CSRF Oauth2]
RESERVED
-CVE-2018-17450
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17450 [SSRF GCP access token disclosure]
RESERVED
-CVE-2018-17449
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17449 [Confidential information disclosure in events API endpoint]
RESERVED
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-17448
RESERVED
CVE-2018-17447
@@ -5650,8 +5668,10 @@ CVE-2018-15475
RESERVED
CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or
Formula ...)
TODO: check
-CVE-2018-15472
+CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
RESERVED
+ - gitlab <unfixed>
+ NOTE:
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-15467
RESERVED
CVE-2018-15466
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdb50af927384d75fef60244c5a6c732e2809f52
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdb50af927384d75fef60244c5a6c732e2809f52
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
