[Git][security-tracker-team/security-tracker][master] Add new gitlab issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdb50af9 by Salvatore Bonaccorso at 2018-10-02T06:09:13Z
Add new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -651,10 +651,14 @@ CVE-2018-17539
 	RESERVED
 CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync ...)
 	NOT-FOR-US: Axon Evidence Sync
-CVE-2018-17537
+CVE-2018-17537 [Persistent XSS package.json]
 	RESERVED
-CVE-2018-17536
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17536 [Persistent XSS merge request project import]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17535
 	RESERVED
 CVE-2018-17534
@@ -811,20 +815,34 @@ CVE-2018-17457
 	RESERVED
 CVE-2018-17456
 	RESERVED
-CVE-2018-17455
+CVE-2018-17455 [IDOR merge request approvals]
 	RESERVED
-CVE-2018-17454
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17454 [Persistent XSS on issue details]
 	RESERVED
-CVE-2018-17453
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17453 [GRPC::Unknown logging token disclosure]
 	RESERVED
-CVE-2018-17452
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed]
 	RESERVED
-CVE-2018-17451
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17451 [Slack integration CSRF Oauth2]
 	RESERVED
-CVE-2018-17450
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17450 [SSRF GCP access token disclosure]
 	RESERVED
-CVE-2018-17449
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
+CVE-2018-17449 [Confidential information disclosure in events API endpoint]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17448
 	RESERVED
 CVE-2018-17447
@@ -5650,8 +5668,10 @@ CVE-2018-15475
 	RESERVED
 CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula ...)
 	TODO: check
-CVE-2018-15472
+CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
 	RESERVED
+	- gitlab <unfixed>
+	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-15467
 	RESERVED
 CVE-2018-15466



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdb50af927384d75fef60244c5a6c732e2809f52

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdb50af927384d75fef60244c5a6c732e2809f52
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181002/c1b9ab77/attachment.html>