[Git][security-tracker-team/security-tracker][master] gitlab and knot-resolved acked for removal from stretch

Salvatore Bonaccorso carnil at debian.org
Sat Nov 10 08:43:57 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2bb95db by Salvatore Bonaccorso at 2018-11-10T08:43:01Z
gitlab and knot-resolved acked for removal from stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1144,12 +1144,10 @@ CVE-2018-18647 [Unauthorized changes to a protected branch's access levels]
 CVE-2018-18646 [SSRF in Hipchat integration]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18645 [Information exposure when replying to issues through email]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18644 [Metrics information disclosure in Prometheus integration]
 	RESERVED
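Review bot: On CVE-2018-18646 and CVE-2018-18645, dropping `[stretch] - gitlab <ignored>` leaves `- gitlab <unfixed>` as the only status line, so stretch is assessed against the unstable line again for as long as gitlab is still present in the stretch archive. The commit subject says the removal is acked, not that it has happened. I would land this only once the point release has actually dropped the package, or keep the `<ignored>` lines until then, so these issues do not reappear as open for stretch in the interim.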
@@ -1166,12 +1164,10 @@ CVE-2018-18642 [Persistent XSS in License Management and Security Reports]
 CVE-2018-18641 [Cleartext storage of personal access tokens]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18640 [Information exposure in stored browser history]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18639
 	RESERVED
@@ -4146,7 +4142,6 @@ CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2
 CVE-2018-17455 [IDOR merge request approvals]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17454 [Persistent XSS on issue details]
 	RESERVED
@@ -4161,7 +4156,6 @@ CVE-2018-17453 [GRPC::Unknown logging token disclosure]
 CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17451 [Slack integration CSRF Oauth2]
 	RESERVED
@@ -7325,16 +7319,13 @@ CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise Editi
 	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
 CVE-2018-16051 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/6012
 	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
 CVE-2018-XXXX [gitlab: Missing CSRF in System Hooks]
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
 CVE-2018-16049 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/46967
 	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49272
 	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
@@ -9148,7 +9139,6 @@ CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formu
 CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
 	RESERVED
 	- gitlab <unfixed>
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-15467
 	RESERVED
@@ -11261,7 +11251,6 @@ CVE-2018-14604 (An issue was discovered in GitLab Community and Enterprise Editi
 	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
 CVE-2018-14603 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab 10.8.7+dfsg-1
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
 CVE-2018-14602 (An issue was discovered in GitLab Community and Enterprise Edition ...)
 	- gitlab 10.8.7+dfsg-1
@@ -11976,7 +11965,6 @@ CVE-2018-14365
 	RESERVED
 CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...)
 	- gitlab 10.7.7+dfsg-2 (bug #904026)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
 CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not ...)
 	{DSA-4277-1 DLA-1455-1}
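Review bot: For CVE-2018-14364 the unstable fix is tied to bug #904026, but the `[stretch]` line removed here was the only place in the entry that recorded why stretch was never fixed, and the one-line commit message carries no reference to the removal request. Suggest citing the removal bug or the release-team ack in the commit body so the decision stays traceable from history once the annotation is gone.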
@@ -16232,11 +16220,9 @@ CVE-2018-XXXX [gitlab: Activity feed publicly displaying internal project names]
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-XXXX [gitlab: Content injection via username]
 	- gitlab 10.7.7+dfsg-2 (bug #902726)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-12606 (An issue was discovered in GitLab Community Edition and Enterprise ...)
 	- gitlab 10.7.7+dfsg-2 (bug #902726)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-12605 (An issue was discovered in GitLab Community Edition and Enterprise ...)
 	- gitlab 10.7.7+dfsg-2 (bug #902726)
@@ -19213,7 +19199,6 @@ CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
 CVE-2017-0921 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
 	[experimental] - gitlab 10.7.5+dfsg-1
 	- gitlab 10.7.7+dfsg-2 (bug #900522)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Persistent XSS - Selecting users as allowed merge request approvers]
 	[experimental] - gitlab 10.7.5+dfsg-1
@@ -20954,7 +20939,6 @@ CVE-2018-10921 (Certain input files may trigger an integer overflow in ttembed i
 	NOT-FOR-US: ttembed
 CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot ...)
 	- knot-resolver 2.4.1-1 (bug #905325)
-	[stretch] - knot-resolver <ignored> (To be removed in next point release)
 	NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
 	NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
 CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an ...)
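Review bot: The line removed under CVE-2018-10920 names the package `knot-resolver`, while the commit subject spells it `knot-resolved`. A search of the log by package name will not find this commit; use the exact source package name in the subject.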
@@ -25140,7 +25124,6 @@ CVE-2018-9286
 	RESERVED
 CVE-2018-9243 (GitLab Community and Enterprise Editions version 8.4 up to 10.4 are ...)
 	- gitlab 10.6.3+dfsg-1 (bug #894869)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
 CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 are ...)
 	- gitlab 10.6.3+dfsg-1 (bug #894868)
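Review bot: CVE-2018-9244 sits between two edited entries, and exactly one old line (25147) falls in the gap between this hunk and the next, directly after its `- gitlab 10.6.3+dfsg-1 (bug #894868)` line. If that hidden line is a `[stretch]` annotation of another kind, it is left in place by this change. Please confirm whether the cleanup is meant to cover only the `<ignored>` lines or every stretch annotation for gitlab, and say so in the commit message.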
@@ -25148,7 +25131,6 @@ CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 a
 	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
 CVE-2018-XXXX [Confidential issue comments in Slack, Mattermost, and webhook integrations]
 	- gitlab 10.6.3+dfsg-1 (bug #894867)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
 CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, ...)
 	NOT-FOR-US: ASUS
@@ -26518,7 +26500,6 @@ CVE-2018-8802 (SQL injection vulnerability in the management interface in ePorta
 	NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
 CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
 	- gitlab 10.5.6+dfsg-1 (bug #893905)
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
 CVE-2018-8800
 	RESERVED
@@ -36075,7 +36056,6 @@ CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
 CVE-2018-1000002 (Improper input validation bugs in DNSSEC validators components in Knot ...)
 	- knot-resolver 1.5.2-1
-	[stretch] - knot-resolver <ignored> (To be removed in next point release)
 	NOTE: https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html
 	NOTE: prior to 1.5.1 memcached module was called kmemcached
 CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...)
@@ -49185,7 +49165,6 @@ CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and
 CVE-2018-1110 [Improper Input Validation]
 	RESERVED
 	- knot-resolver 2.3.0-1 (bug #896681)
-	[stretch] - knot-resolver <ignored> (To be removed in next point release)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
 CVE-2018-1109
 	RESERVED
@@ -100720,7 +100699,6 @@ CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, a
 	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
 CVE-2017-0919 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
 	- gitlab 10.5.5+dfsg-1
-	[stretch] - gitlab <ignored> (Scheduled for removal in next point release)
 	NOTE: https://hackerone.com/reports/301137
 	NOTE: Fixed in 10.1.6, 10.2.6, and 10.3.4
 CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c2bb95db58bf095c222b4ea8079b7398df48f581
