Source: gitlab
Version: 8.13.11+dfsg1-8
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212

Hi,

the following vulnerability was published for gitlab.

CVE-2017-12426[0]:
| GitLab Community Edition (CE) and Enterprise Edition (EE) before
| 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10,
| 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote
| attackers to execute arbitrary code via a crafted SSH URL in a project
| import.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12426
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12426
[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
[2] https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/

Regards,
Salvatore