Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3148e04c by Salvatore Bonaccorso at 2018-01-26T15:07:01+01:00 Add bug reference for gitlab issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -6270,7 +6270,7 @@ CVE-2018-3711 RESERVED CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...) NOT-FOR-US: Muviko @@ -64237,15 +64237,15 @@ CVE-2017-0928 RESERVED CVE-2017-0927 [Guest Users Can Give Deploy Keys in Other Projects Write Access] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0926 [Login with Disabled OAuth Provider via POST] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services API] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0924 [XSS in Label Dropdown] RESERVED @@ -64254,7 +64254,7 @@ CVE-2017-0924 [XSS in Label Dropdown] TODO: check, possibly not affecting Debian version since onlys starting from 9.0.0 according advisory CVE-2017-0923 [Jupyter Notebook XSS] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0922 [Milestone Authorization Issue on Boards] RESERVED @@ -64269,19 +64269,19 @@ CVE-2017-0919 RESERVED CVE-2017-0918 [GitLab CI Runner Can Read and Poison Cache of All Other Projects] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import] RESERVED - - gitlab <unfixed> + - gitlab <unfixed> (bug #888508) NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ CVE-2017-0914 [Critical SQL Injection in MilestoneFinder] RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3148e04cc36121ad03a372705dcd6121324d2670 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3148e04cc36121ad03a372705dcd6121324d2670 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits