Hi, As per the upstream blogpost, https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ , the applicability of the CVEs listed at https://security-tracker.debian.org/tracker/source-package/gitlab to version of GitLab in Stretch is as follows.
CVE-2018-3710 - Applicable to version in Stretch (8.13.11) CVE-2017-0927 - Applicable to version in Stretch (8.13.11) CVE-2017-0926 - Applicable to version in Stretch (8.13.11) CVE-2017-0925 - Applicable to version in Stretch (8.13.11) CVE-2017-0923 - Applicable to version in Stretch (8.13.11) CVE-2017-0918 - Applicable to version in Stretch (8.13.11) CVE-2017-0916 - Applicable to version in Stretch (8.13.11) CVE-2017-0915 - Applicable to version in Stretch (8.13.11) CVE-2017-0914 - Not applicable to version in Stretch (8.13.11) CVE-2017-0917 - Not applicable to version in Stretch (8.13.11) Regarding CVE-2017-0923, I will confirm if it is indeed applicable or not, since the feature was introduced in version 9.1 only (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10017) . Regards Balasankar C
signature.asc
Description: OpenPGP digital signature
