Hi,

As per the upstream blogpost,
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ ,
the applicability of the CVEs listed at
https://security-tracker.debian.org/tracker/source-package/gitlab to
version of GitLab in Stretch is as follows.

CVE-2018-3710 - Applicable to version in Stretch (8.13.11)
CVE-2017-0927 - Applicable to version in Stretch (8.13.11)
CVE-2017-0926 - Applicable to version in Stretch (8.13.11)
CVE-2017-0925 - Applicable to version in Stretch (8.13.11)
CVE-2017-0923 - Applicable to version in Stretch (8.13.11)
CVE-2017-0918 - Applicable to version in Stretch (8.13.11)
CVE-2017-0916 - Applicable to version in Stretch (8.13.11)
CVE-2017-0915 - Applicable to version in Stretch (8.13.11)

CVE-2017-0914 - Not applicable to version in Stretch (8.13.11)
CVE-2017-0917 - Not applicable to version in Stretch (8.13.11)

Regarding CVE-2017-0923, I will confirm if it is indeed applicable or
not, since the feature was introduced in version 9.1 only
(https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10017) .


Regards
Balasankar C

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers

Reply via email to