[DRE-maint] Bug#872190: gitlab: CVE-2017-12426: Remote Command Execution in git client

Salvatore Bonaccorso carnil at debian.org
Tue Aug 15 05:40:59 UTC 2017


Source: gitlab
Version: 8.13.11+dfsg1-8
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212

Hi,

The following vulnerability was published for gitlab.

CVE-2017-12426[0]:
| GitLab Community Edition (CE) and Enterprise Edition (EE) before
| 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10,
| 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote
| attackers to execute arbitrary code via a crafted SSH URL in a project
| import.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12426
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12426
[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
[2] https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/

Regards,
Salvatore