[Secure-testing-commits] r53728 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jul 21 04:30:40 UTC 2017
Author: carnil
Date: 2017-07-21 04:30:40 +0000 (Fri, 21 Jul 2017)
New Revision: 53728
Modified:
data/CVE/list
Log:
Add two gitlab issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-21 04:19:16 UTC (rev 53727)
+++ data/CVE/list 2017-07-21 04:30:40 UTC (rev 53728)
@@ -132,10 +132,16 @@
NOT-FOR-US: Sitecore
CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the ...)
NOT-FOR-US: Sitecore
-CVE-2017-11438
+CVE-2017-11438 [Projects in subgroups authorization bypass with SQL wildcards]
RESERVED
-CVE-2017-11437
+ - gitlab <undetermined>
+ NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
+ TODO: check, claimed to not affect 8.17.x so possibly as well not our versions
+CVE-2017-11437 [Unauthorized repository access by using project mirrors and CI]
RESERVED
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/2905
+ NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 ...)
NOT-FOR-US: D-Link
CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an ...)
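Review bot: In the CVE-2017-11438 entry, the `<undetermined>` status rests on a TODO saying the issue is "claimed to not affect 8.17.x" without saying where that claim comes from; the only NOTE is the 9.3.8 release announcement. A NOTE with the upstream issue or the exact statement, as was done for CVE-2017-11437, would let whoever resolves the TODO verify it. For CVE-2017-11437, the issue reference points to the gitlab-ee tracker while the entry marks `gitlab` as `<unfixed>`; a short NOTE on whether the affected code is present in the packaged source would back that status.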