[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 9 11:42:32 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e51d5f3 by Moritz Muehlenhoff at 2018-03-09T12:41:59+01:00
NFUs
tag some older gitlab status bits
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -69567,18 +69567,18 @@ CVE-2017-0925 [Sensitive Fields Exposed to Admins / Masters in the Services API]
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0924 [XSS in Label Dropdown]
RESERVED
- - gitlab <undetermined>
+ - gitlab <unfixed>
+ [stretch] - gitlab <not-affected> (Only affects 9.0 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
- TODO: check, possibly not affecting Debian version since onlys starting from 9.0.0 according advisory
CVE-2017-0923 [Jupyter Notebook XSS]
RESERVED
- gitlab <unfixed> (bug #888508)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0922 [Milestone Authorization Issue on Boards]
RESERVED
- - gitlab <undetermined>
+ - gitlab <unfixed>
+ [stretch] - gitlab <not-affected> (Only affects 9.1 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
- NOTE: check, possibly not affecting Debian version since onlys starting from 9.1.0 according advisory
CVE-2017-0921
RESERVED
CVE-2017-0920
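Review bot: the two entries switched to `- gitlab <unfixed>` in this hunk (CVE-2017-0924 and CVE-2017-0922) carry no bug reference, while CVE-2017-0923 between them is tracked as `- gitlab <unfixed> (bug #888508)`. If BTS bugs exist for these two, append them so the unfixed status can be followed to resolution. If none exist, consider filing them.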
@@ -69604,9 +69604,9 @@ CVE-2017-0915 [Remote Code Execution Vulnerability in GitLab Projects Import]
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0914 [Critical SQL Injection in MilestoneFinder]
RESERVED
- - gitlab <undetermined>
+ - gitlab <unfixed>
+ [stretch] - gitlab <not-affected> (Only affects 9.4 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
- TODO: check, possibly not affecting Debian version since onlys starting from 9.4.0 according advisory
CVE-2017-0913
RESERVED
CVE-2017-0912
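Review bot: on CVE-2017-0914 the removed TODO was hedged ("possibly not affecting Debian version"), but the replacement `[stretch] - gitlab <not-affected> (Only affects 9.4 and later)` states the result as settled without recording what was checked. For an entry titled Critical SQL Injection, a NOTE saying how the 9.4 boundary was confirmed (the advisory's affected-version range alone, or a look at the stretch source) would make the triage verifiable later.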
@@ -86782,7 +86782,7 @@ CVE-2016-5180 (Heap-based buffer overflow in the ares_create_query function in c
NOTE: https://c-ares.haxx.se/adv_20160929.html
NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
CVE-2016-5179 (Chrome OS before 53.0.2785.144 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Chrome OS
CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3683-1}
- chromium-browser 53.0.2785.143-1
@@ -154673,9 +154673,9 @@ CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...)
{DSA-2849-1}
- curl 7.35.0-1
CVE-2014-0014 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ...)
- TODO: check
+ NOT-FOR-US: Ember.js
CVE-2014-0013 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ...)
- TODO: check
+ NOT-FOR-US: Ember.js
CVE-2014-0012 (FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create ...)
- jinja2 2.7.2-2 (bug #734956)
[squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
@@ -181582,7 +181582,7 @@ CVE-2012-3537 (The Crowbar Ohai plugin ...)
NOT-FOR-US: crowbar ohai plugin
NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
CVE-2012-3536 (Two XSS vulnerabilities were fixed in message list and view in the ...)
- TODO: check
+ NOT-FOR-US: Apache James
CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote ...)
{DSA-2629-1}
- openjpeg 1.3+dfsg-4.6 (bug #685970)
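Review bot: for CVE-2012-3536 the truncated description shown here ("Two XSS vulnerabilities were fixed in message list and view in the ...") does not name the product, so `NOT-FOR-US: Apache James` cannot be checked from the entry alone. A NOTE line with the upstream advisory or reference URL, as the neighbouring CVE-2012-3537 entry has, would document the attribution.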
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8e51d5f3c9945accd9be71d5a9a499e653a89332