[Secure-testing-commits] r51372 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 6 18:19:01 UTC 2017
Author: carnil
Date: 2017-05-06 18:19:01 +0000 (Sat, 06 May 2017)
New Revision: 51372
Modified:
data/CVE/list
Log:
CVE-2017-8778 tracked down by maintainer, mark as not-affected
The issue is said to only apply to later gitlab versions. The version in
Debian as per 8.13.11+dfsg1-3 does not yet have the SVG rendering
feature.
See BTS backlog in https://bugs.debian.org/861870
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-06 18:09:17 UTC (rev 51371)
+++ data/CVE/list 2017-05-06 18:19:01 UTC (rev 51372)
@@ -53,7 +53,7 @@
CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during ...)
NOT-FOR-US: GenixCMS
CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...)
- - gitlab <unfixed> (bug #861870)
+ - gitlab <not-affected> (SVG rendering feature introduced later, cf. bug #861870)
NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
CVE-2017-8777
RESERVED
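Review bot: The `<not-affected>` reason on the new gitlab line says the SVG rendering feature was "introduced later" but gives no version, while the CVE-2017-8778 description two lines above it reads "GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5", which taken literally covers older releases too. The version actually checked (8.13.11+dfsg1-3) appears only in the commit log, not in data/CVE/list. Consider adding a NOTE line under the entry that records the checked version and, once known, the upstream release that introduced SVG rendering, so the status can be re-evaluated when a newer gitlab is uploaded instead of the entry silently remaining not-affected.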