[Git][security-tracker-team/security-tracker][master] One older gitlab issue got a CVE (but not all of the gitlab-10-dot-3-dot-4-released advisory)
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 4 09:19:20 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2873005a by Salvatore Bonaccorso at 2018-07-04T10:18:49+02:00
One older gitlab issue got a CVE (but not all of the gitlab-10-dot-3-dot-4-released advisory)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4080,7 +4080,7 @@ CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
- gitlab <unfixed> (bug #900522)
[stretch] - gitlab <not-affected> (Introduced in 10.1.6)
NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
-CVE-2018-XXXX [gitlab: Users can update their password without entering current password]
+CVE-2017-0921 [gitlab: Users can update their password without entering current password]
[experimental] - gitlab 10.7.5+dfsg-1
- gitlab <unfixed> (bug #900522)
NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
@@ -84489,8 +84489,6 @@ CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...)
- gitlab 10.5.5+dfsg-1
[stretch] - gitlab <not-affected> (Only affects 9.1 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
-CVE-2017-0921 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
- TODO: check
CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
{DSA-4206-1}
- gitlab 10.5.5+dfsg-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2873005ac91b95c1ba01d4ea6e36ad8873fa1e08
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2873005ac91b95c1ba01d4ea6e36ad8873fa1e08
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180704/223df067/attachment.html>
More information about the debian-security-tracker-commits
mailing list