[DRE-maint] Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

Balasankar C balasankarc at autistici.org
Mon Mar 12 06:10:35 UTC 2018


Hi,

As per the upstream blog post,
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ ,
the applicability of the CVEs listed at
https://security-tracker.debian.org/tracker/source-package/gitlab to
the version of GitLab in Stretch is as follows.

CVE-2018-3710 - Applicable to version in Stretch (8.13.11)
CVE-2017-0927 - Applicable to version in Stretch (8.13.11)
CVE-2017-0926 - Applicable to version in Stretch (8.13.11)
CVE-2017-0925 - Applicable to version in Stretch (8.13.11)
CVE-2017-0923 - Applicable to version in Stretch (8.13.11)
CVE-2017-0918 - Applicable to version in Stretch (8.13.11)
CVE-2017-0916 - Applicable to version in Stretch (8.13.11)
CVE-2017-0915 - Applicable to version in Stretch (8.13.11)

CVE-2017-0914 - Not applicable to version in Stretch (8.13.11)
CVE-2017-0917 - Not applicable to version in Stretch (8.13.11)

Regarding CVE-2017-0923, I will confirm if it is indeed applicable or
not, since the feature was introduced in version 9.1 only
(https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10017) .


Regards
Balasankar C
