Your message dated Wed, 21 Mar 2018 18:05:27 +0000
with message-id <e1eyi75-000aco...@fasolo.debian.org>
and subject line Bug#888508: fixed in gitlab 10.5.5+dfsg-1
has caused the Debian Bug report #888508,
regarding gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, 
and 10.1.6 advisory
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
888508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888508
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 8.13.11+dfsg1-12
Severity: grave
Tags: upstream security

Hi 

See
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
for which several go back to 8.9.0 versions.

There are three CVEs out of
https://security-tracker.debian.org/tracker/source-package/gitlab
belonging to that list which are yet marked undetermined, because not
clear from the advisory if 8.13.11=dfsg1-12 might be affected.
But assuming the 'version affected' information is correct, they are
not, please confirm so we can adjust the security-tracker information.

Regards,
Salvatore


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 10.5.5+dfsg-1

We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 888...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated gitlab package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 18 Mar 2018 15:17:08 +0530
Source: gitlab
Binary: gitlab
Architecture: source
Version: 10.5.5+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
 gitlab     - git powered software platform to collaborate on code (non-omnibus
Closes: 888508 890757
Changes:
 gitlab (10.5.5+dfsg-1) unstable; urgency=medium
 .
   [ Dmitry Smirnov ]
   * Depends += "ruby-excon (>= 0.60.0~)"
   * Added new patch to fix Markdown rendering (Closes: #890757).
   * Depends: set minimum version for "rake".
 .
   [ Pirate Praveen ]
   * New upstream version 10.5.5 (Closes: #888508)
     - Fixes multiple security vulnerabilities in 10.3.4 (CVE-2017-0914,
       CVE-2017-0916, CVE-2017-0917, CVE-2017-0918, CVE-2017-0923,
       CVE-2017-0925, CVE-2017-0926, CVE-2017-0927, CVE-2017-3710)
   * Remove files no longer present in vendor from Files-Excluded
   * Refresh patches
   * Add new node-* dependencies already in the archive as depends
   * Tighten dependencies
   * Bump debhelper compat to 10 and standards version to 4.1.3


--- End Message ---