FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitlab -- Remote code execution on project import

Affected packages
gitlab < 10.1.6

Details

VuXML ID 65fab89f-2231-46db-8541-978f4e87f32a
Discovery 2018-01-16
Entry 2018-01-17

GitLab developers report:

Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately.

References

CVE Name CVE-2017-0915
CVE Name CVE-2018-3710
URL https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/