[Secure-testing-commits] r54814 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Aug 17 17:18:02 UTC 2017


Author: carnil
Date: 2017-08-17 17:18:02 +0000 (Thu, 17 Aug 2017)
New Revision: 54814

Modified:
   data/CVE/list
Log:
Mark gitlab issue as unimportant, since git fixed

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-17 15:19:55 UTC (rev 54813)
+++ data/CVE/list	2017-08-17 17:18:02 UTC (rev 54814)
@@ -1679,8 +1679,11 @@
 	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/841f7b27dc88c685c61252d59b7e20e94c982456
 CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before ...)
-	- gitlab <unfixed> (bug #872190)
+	- gitlab <unfixed> (bug #872190; unimportant)
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
+	NOTE: The fix for git for CVE-2017-1000117 mitgates the issue in gitlab itself.
+	NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
+	NOTE: which becomes ineffective with a fixed git version itself.
 CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate ...)
 	- shadow <unfixed> (bug #756630)
 	[stretch] - shadow <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list