[DRE-maint] Bug#861870: gitlab: CVE-2017-8778

Salvatore Bonaccorso carnil at debian.org
Fri May 5 04:19:29 UTC 2017


Source: gitlab
Version: 8.13.11+dfsg1-3
Severity: grave
Tags: upstream security
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471

Hi,

the following vulnerability was published for gitlab. Please note I
was not able to verify that it affects versions back to 8.13.11, and the
merge request has restricted access. Can you confirm 8.13.11+dfsg1-3 is
affected as well?

CVE-2017-8778[0]:
| GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5
| has XSS via a SCRIPT element in an issue attachment or avatar that is
| an SVG document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8778
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8778

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
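The CVE above describes an SVG upload (attachment or avatar) carrying a SCRIPT element that runs when the file is rendered in the application's origin. As an added example, not part of this report or of GitLab's own code, here is a small Ruby check of the kind a maintainer might use to flag script-bearing SVG uploads, plus the response headers that keep such a file from rendering inline at all. The function names and the two sample documents are constructed for illustration.

```ruby
require 'rexml/document'

# Flag constructs in an uploaded SVG that would execute if the file were rendered
# inline in the application's origin (the CVE-2017-8778 vector). Returns an array
# of findings; empty means nothing script-bearing was found. The checks are
# deliberately narrow, so the download headers below remain the primary control.
def svg_active_content(svg_text)
  findings = []
  doc = REXML::Document.new(svg_text)
  return ['no root element'] if doc.root.nil?
  doc.each_recursive do |el|
    local = el.name.downcase # REXML's #name is the local name, prefix removed
    findings << "<#{el.name}> element" if %w[script foreignobject].include?(local)
    el.attributes.each do |attr, value|
      attr_local = attr.split(':').last.downcase
      findings << "#{attr} handler on <#{el.name}>" if attr_local.start_with?('on')
      # href / xlink:href with a javascript: scheme; control characters are
      # dropped before comparing because browsers ignore them inside URLs
      scheme = value.strip.gsub(/[\x00-\x1f]/, '').downcase
      findings << "javascript: URL in #{attr}" if attr_local == 'href' && scheme.start_with?('javascript:')
    end
  end
  findings
rescue REXML::ParseException => e
  ["malformed XML: #{e.message.lines.first.strip}"]
end

# Headers for serving a user upload: force download and forbid MIME sniffing
# so the document is never rendered, and so never executed, in the app origin.
def svg_download_headers(filename)
  safe_name = filename.gsub(/[^\w.\-]/, '_')
  { 'Content-Type'           => 'image/svg+xml',
    'Content-Disposition'    => %(attachment; filename="#{safe_name}"),
    'X-Content-Type-Options' => 'nosniff' }
end

# Constructed samples, not taken from the report.
BENIGN_SVG = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
    <circle cx="5" cy="5" r="4" fill="green"/>
  </svg>
SVG
HOSTILE_SVG = <<~SVG
  <svg xmlns="http://www.w3.org/2000/svg" onload="probe()">
    <script>probe()</script>
    <a href="  JavaScript:probe()"><text>x</text></a>
  </svg>
SVG
puts svg_active_content(HOSTILE_SVG).inspect
```

The scan is a secondary signal; a missed construct is harmless only if the upload is served with the attachment disposition above rather than rendered inline.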
