[Secure-testing-commits] r39250 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jan 28 07:25:34 UTC 2016
Author: carnil
Date: 2016-01-28 07:25:34 +0000 (Thu, 28 Jan 2016)
New Revision: 39250
Modified:
data/CVE/list
Log:
Mark gitlab as unfixed, need to check unstable version
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-28 06:48:44 UTC (rev 39249)
+++ data/CVE/list 2016-01-28 07:25:34 UTC (rev 39250)
@@ -34069,7 +34069,8 @@
NOTE: http://github.com/mantisbt/mantisbt/commit/5faf97ab (master)
CVE-2014-8540
RESERVED
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2014-8538 (The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for ...)
NOT-FOR-US: Hijab Modern (aka com.Aisyaidea.HijabModern) application for Android
CVE-2014-8537 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
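Review bot: The CVE-2014-8540 entry is still RESERVED with no description, so the new TODO gives whoever picks it up nothing to check the archive version against. Add a NOTE line with the upstream advisory or fixing commit alongside the TODO, in the same form as the "NOTE: http://github.com/mantisbt/..." line at the top of this hunk.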
@@ -47014,7 +47015,8 @@
CVE-2014-3457
RESERVED
CVE-2014-3456 (Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2014-3455 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
NOT-FOR-US: MediaWiki extension SemanticForms
CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in ...)
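Review bot: For CVE-2014-3456 the description names GitLab Enterprise Edition, so the TODO should cover whether the packaged edition is affected at all, not only which version entered the archive. If it is not, the entry should become <not-affected> with a short reason rather than stay <unfixed>.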
@@ -52015,7 +52017,8 @@
CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
NOT-FOR-US: CS-Cart
CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through ...)
{DSA-2842-1}
- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
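Review bot: The new CVE-2013-7316 line drops the "(bug #651606)" reference and carries no bug number of its own, so an <unfixed> state is recorded with nothing to track it against. If the check confirms the package is affected, file a bug and reference it on the entry, as the libspring-java line below does with "(bug #720902)".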
@@ -63030,14 +63033,18 @@
[squeeze] - perdition <no-dsa> (Minor issue)
CVE-2013-4583
RESERVED
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4582 [Local file inclusion vulnerability]
RESERVED
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4580 (GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in ...)
- linux-2.6 <not-affected> (ath9k not yet present)
- linux 3.12.8-1 (bug #729573)
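Review bot: The same TODO is added four times in this hunk, but the entries are not equally hard to resolve. CVE-2013-4581 and CVE-2013-4580 already state upstream bounds in their descriptions ("before 5.4.2, Community Edition before 6.2.4"), so they can be turned into a fixed-version entry as soon as the archive version is known, while the RESERVED CVE-2013-4583 and CVE-2013-4582 need an upstream reference first. Noting that distinction in the TODO text would avoid all four sitting as <unfixed> together.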
@@ -63160,7 +63167,8 @@
- nginx 1.4.4-1 (bug #730012)
[squeeze] - nginx <not-affected> (Only applies to 0.8.41 - 1.5.6)
CVE-2013-4546 (The repository import feature in gitlab-shell before 1.7.4, as used in ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, ...)
{DSA-2798-1}
- curl 7.33.0-1
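Review bot: CVE-2013-4546 is described as a flaw in gitlab-shell before 1.7.4, yet the entry assigns it to the gitlab source package. Check whether gitlab-shell is shipped as its own source package in the archive; if so, the entry should name that package and compare its version against 1.7.4.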
@@ -63435,9 +63443,11 @@
- rails <not-affected> (Vulnerable code not present)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4490 (The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4489 (The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x ...)
- - gitlab <itp> (bug #651606)
+ - gitlab <unfixed>
+ TODO: check version which entered the archive
CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL ...)
- libgadu <unfixed> (unimportant)
NOTE: Intentional design decision
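Review bot: For CVE-2013-4489 the description places the flaw in the Grit gem as used in GitLab 5.2 and 6.x, so the version of gitlab alone does not settle the TODO. Record whether the archive version still uses Grit; if it does not, the entry can follow the rails line above and become "<not-affected> (Vulnerable code not present)". The CVE-2013-4490 entry in the same hunk concerns lib/gitlab_keys.rb in gitlab-shell and needs the equivalent check against that component.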