Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3148e04c by Salvatore Bonaccorso at 2018-01-26T15:07:01+01:00
Add bug reference for gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6270,7 +6270,7 @@ CVE-2018-3711
RESERVED
CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow
remote ...)
NOT-FOR-US: Muviko
@@ -64237,15 +64237,15 @@ CVE-2017-0928
RESERVED
CVE-2017-0927 [Guest Users Can Give Deploy Keys in Other Projects Write Access]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0926 [Login with Disabled OAuth Provider via POST]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services
API]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0924 [XSS in Label Dropdown]
RESERVED
@@ -64254,7 +64254,7 @@ CVE-2017-0924 [XSS in Label Dropdown]
TODO: check, possibly not affecting Debian version since onlys starting
from 9.0.0 according advisory
CVE-2017-0923 [Jupyter Notebook XSS]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0922 [Milestone Authorization Issue on Boards]
RESERVED
@@ -64269,19 +64269,19 @@ CVE-2017-0919
RESERVED
CVE-2017-0918 [GitLab CI Runner Can Read and Poison Cache of All Other
Projects]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
RESERVED
- - gitlab <unfixed>
+ - gitlab <unfixed> (bug #888508)
NOTE:
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0914 [Critical SQL Injection in MilestoneFinder]
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3148e04cc36121ad03a372705dcd6121324d2670
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3148e04cc36121ad03a372705dcd6121324d2670
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
