[Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for gitlab

Salvatore Bonaccorso carnil at debian.org
Sun Jun 3 16:12:59 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daceeea1 by Salvatore Bonaccorso at 2018-06-03T17:12:09+02:00
Track fixed version via experimental for gitlab

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -311,29 +311,36 @@ CVE-2018-11542
 CVE-2018-11541
 	RESERVED
 CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.1.6)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Users can update their password without entering current password]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Persistent XSS - Selecting users as allowed merge request approvers]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 9.1)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Persistent XSS - Multiple locations of user selection drop downs]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 9.1)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: include directive in .gitlab-ci.yml allows SSRF requests]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.5)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Permissions issue in Merge Requests Create Service]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.6)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Arbitrary assignment of project fields using Import project]
+	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab <unfixed> (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.4)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/daceeea15724d5d5839bccd9bbbc0a372672e4eb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/daceeea15724d5d5839bccd9bbbc0a372672e4eb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180603/528c9e92/attachment.html>

More information about the debian-security-tracker-commits mailing list