[Git][security-tracker-team/security-tracker][master] Some gitlab issues n/a

Moritz Muehlenhoff jmm at debian.org
Wed Oct 3 19:44:44 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbdb7964 by Moritz Muehlenhoff at 2018-10-03T18:44:05Z
Some gitlab issues n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -852,10 +852,12 @@ CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync
 CVE-2018-17537 [Persistent XSS package.json]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 10.4 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17536 [Persistent XSS merge request project import]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 10.4 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17535
 	RESERVED
@@ -1020,10 +1022,12 @@ CVE-2018-17455 [IDOR merge request approvals]
 CVE-2018-17454 [Persistent XSS on issue details]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 9.3 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17453 [GRPC::Unknown logging token disclosure]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 10.4 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed]
 	RESERVED
@@ -1032,14 +1036,17 @@ CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed]
 CVE-2018-17451 [Slack integration CSRF Oauth2]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17450 [SSRF GCP access token disclosure]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 10.2 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17449 [Confidential information disclosure in events API endpoint]
 	RESERVED
 	- gitlab <unfixed>
+	[stretch] - gitlab <not-affected> (Only affects 9.3 and later)
 	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
 CVE-2018-17448
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbdb7964e5199cbc98a324ae3c359838838706bc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbdb7964e5199cbc98a324ae3c359838838706bc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181003/2864db16/attachment.html>

More information about the debian-security-tracker-commits mailing list