[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add bug reference for gitlab issues

Salvatore Bonaccorso carnil at debian.org
Fri Jan 26 14:07:38 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3148e04c by Salvatore Bonaccorso at 2018-01-26T15:07:01+01:00
Add bug reference for gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6270,7 +6270,7 @@ CVE-2018-3711
 	RESERVED
 CVE-2018-3710 [Remote Code Execution Vulnerability in GitLab Projects Import]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
 	NOT-FOR-US: Muviko
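Review bot: CVE-2018-3710 carries the same bracketed description, "Remote Code Execution Vulnerability in GitLab Projects Import", as CVE-2017-0915 later in this patch, and both point at the same release NOTE. Now that both reference bug #888508, a NOTE line on one of the entries should say whether these are two distinct issues or one issue with two IDs, so the bug is not closed while one of them is still open.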
@@ -64237,15 +64237,15 @@ CVE-2017-0928
 	RESERVED
 CVE-2017-0927 [Guest Users Can Give Deploy Keys in Other Projects Write Access]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0926 [Login with Disabled OAuth Provider via POST]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services API]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0924 [XSS in Label Dropdown]
 	RESERVED
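Review bot: The three changed lines in this hunk (CVE-2017-0927, CVE-2017-0926, CVE-2017-0925) all receive the same bug #888508, as does every other changed line in the patch, yet the commit message consists of a subject line only. If #888508 is meant as the single bug covering the issues from the linked release announcement, a one-line body saying so would show that the shared number is intentional and not a copy-paste slip.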
@@ -64254,7 +64254,7 @@ CVE-2017-0924 [XSS in Label Dropdown]
 	TODO: check, possibly not affecting Debian version since onlys starting from 9.0.0 according advisory
 CVE-2017-0923 [Jupyter Notebook XSS]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0922 [Milestone Authorization Issue on Boards]
 	RESERVED
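Review bot: The CVE-2017-0924 entry named in this hunk's header is left untouched, and its TODO ("check, possibly not affecting Debian version ...") is still open, while the neighbouring CVE-2017-0923 gets the bug reference. Resolving that TODO in a follow-up would settle whether CVE-2017-0924 also belongs under #888508. The TODO text could be tidied at the same time: "onlys starting" should read "only starting" and "according advisory" should read "according to the advisory".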
@@ -64269,19 +64269,19 @@ CVE-2017-0919
 	RESERVED
 CVE-2017-0918 [GitLab CI Runner Can Read and Poison Cache of All Other Projects]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0917 [Cross-site scripting (XSS) vulnerability in CI job output]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0916 [Critical Vulnerability with Command Injection via Webhooks]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
 	RESERVED
-	- gitlab <unfixed>
+	- gitlab <unfixed> (bug #888508)
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0914 [Critical SQL Injection in MilestoneFinder]
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3148e04cc36121ad03a372705dcd6121324d2670
