[Secure-testing-commits] r54814 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 17 17:18:02 UTC 2017
Author: carnil
Date: 2017-08-17 17:18:02 +0000 (Thu, 17 Aug 2017)
New Revision: 54814
Modified:
data/CVE/list
Log:
Mark gitlab issue as unimportant, since git fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-17 15:19:55 UTC (rev 54813)
+++ data/CVE/list 2017-08-17 17:18:02 UTC (rev 54814)
@@ -1679,8 +1679,11 @@
NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/841f7b27dc88c685c61252d59b7e20e94c982456
CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before ...)
- - gitlab <unfixed> (bug #872190)
+ - gitlab <unfixed> (bug #872190; unimportant)
NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
+ NOTE: The fix for git for CVE-2017-1000117 mitgates the issue in gitlab itself.
+ NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
+ NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate ...)
- shadow <unfixed> (bug #756630)
[stretch] - shadow <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list