[Git][security-tracker-team/security-tracker][master] Several gitlab issues adressed now in unstable with the 10.7.7+dfsg-2 upload

Salvatore Bonaccorso carnil at debian.org
Fri Oct 12 20:53:10 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05996cdc by Salvatore Bonaccorso at 2018-10-12T19:52:37Z
Several gitlab issues adressed now in unstable with the 10.7.7+dfsg-2 upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9605,7 +9605,7 @@ CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8
 CVE-2018-14365
 	RESERVED
 CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...)
-	- gitlab <unfixed> (bug #904026)
+	- gitlab 10.7.7+dfsg-2 (bug #904026)
 	NOTE: https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
 CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not ...)
 	{DSA-4277-1 DLA-1455-1}
@@ -13840,21 +13840,21 @@ CVE-2018-1000402 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and
 CVE-2018-1000401 (Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2018-12607 (An issue was discovered in GitLab Community Edition and Enterprise ...)
-	- gitlab <unfixed> (bug #902726)
+	- gitlab 10.7.7+dfsg-2 (bug #902726)
 	[stretch] - gitlab <not-affected> (Only affects >= 10.5)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-XXXX [gitlab: Activity feed publicly displaying internal project names]
-	- gitlab <unfixed> (bug #902726)
+	- gitlab 10.7.7+dfsg-2 (bug #902726)
 	[stretch] - gitlab <not-affected> (Only affects >= 10.7)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-XXXX [gitlab: Content injection via username]
-	- gitlab <unfixed> (bug #902726)
+	- gitlab 10.7.7+dfsg-2 (bug #902726)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-12606 (An issue was discovered in GitLab Community Edition and Enterprise ...)
-	- gitlab <unfixed> (bug #902726)
+	- gitlab 10.7.7+dfsg-2 (bug #902726)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-12605 (An issue was discovered in GitLab Community Edition and Enterprise ...)
-	- gitlab <unfixed> (bug #902726)
+	- gitlab 10.7.7+dfsg-2 (bug #902726)
 	[stretch] - gitlab <not-affected> (Only affects 10.7)
 	NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
 CVE-2018-12604 (GreenCMS 2.3.0603 allows remote attackers to obtain sensitive ...)
@@ -16783,36 +16783,36 @@ CVE-2018-11541 (A root privilege escalation vulnerability in the Sonus SBC 1000
 	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
 CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.1.6)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2017-0921 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Persistent XSS - Selecting users as allowed merge request approvers]
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 9.1)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Persistent XSS - Multiple locations of user selection drop downs]
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 9.1)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: include directive in .gitlab-ci.yml allows SSRF requests]
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.5)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Permissions issue in Merge Requests Create Service]
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.6)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-XXXX [gitlab: Arbitrary assignment of project fields using Import project]
 	[experimental] - gitlab 10.7.5+dfsg-1
-	- gitlab <unfixed> (bug #900522)
+	- gitlab 10.7.7+dfsg-2 (bug #900522)
 	[stretch] - gitlab <not-affected> (Introduced in 10.4)
 	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
 CVE-2018-11540



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05996cdca272b57b7b30b1f90cf821d87cdc1481

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05996cdca272b57b7b30b1f90cf821d87cdc1481
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181012/80d1a2c4/attachment.html>

More information about the debian-security-tracker-commits mailing list