[Git][security-tracker-team/security-tracker][master] Four CVEs fixed in experimental for gitlab

Salvatore Bonaccorso carnil at debian.org
Tue Nov 20 05:21:49 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3371fb02 by Salvatore Bonaccorso at 2018-11-20T05:21:22Z
Four CVEs fixed in experimental for gitlab

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1963,10 +1963,12 @@ CVE-2018-18647 [Unauthorized changes to a protected branch's access levels]
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18646 [SSRF in Hipchat integration]
 	RESERVED
+	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18645 [Information exposure when replying to issues through email]
 	RESERVED
+	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18644 [Metrics information disclosure in Prometheus integration]
@@ -1983,10 +1985,12 @@ CVE-2018-18642 [Persistent XSS in License Management and Security Reports]
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18641 [Cleartext storage of personal access tokens]
 	RESERVED
+	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18640 [Information exposure in stored browser history]
 	RESERVED
+	[experimental] - gitlab 11.2.8+dfsg-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
 CVE-2018-18639



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3371fb0233ff5b25f166197fff57f9729e5381ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3371fb0233ff5b25f166197fff57f9729e5381ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181120/3e2681c9/attachment.html>

More information about the debian-security-tracker-commits mailing list