Your message dated Thu, 05 Apr 2018 09:20:56 +0000
with message-id <e1f414i-000gbo...@fasolo.debian.org>
and subject line Bug#894868: fixed in gitlab 10.6.3+dfsg-1
has caused the Debian Bug report #894868,
regarding gitlab: Persistent XSS in milestones data-milestone-id
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
894868: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894868
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 10.6.2+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: clone -1 -2 -3
Control: retitle -1 gitlab: Confidential issue comments in Slack, Mattermost,
and webhook integrations
Control: retitle -2 gitlab: Persistent XSS in milestones data-milestone-id
Control: retitle -3 gitlab: Persistent XSS in filename of merge request
Control: found -1 8.13.11+dfsg1-8
Control: found -3 8.13.11+dfsg1-8
Hi
New gitlab release fixing three issues. Will fill three bugs for it
since no CVEs are assigned (yet) to clearly identify the issues
(cloning this bug report to three bugs).
See:
https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 10.6.3+dfsg-1
We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 894...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated gitlab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 05 Apr 2018 14:05:46 +0530
Source: gitlab
Binary: gitlab
Architecture: source all
Version: 10.6.3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
<pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
gitlab - git powered software platform to collaborate on code (non-omnibus
Closes: 894867 894868 894869
Changes:
gitlab (10.6.3+dfsg-1) unstable; urgency=medium
.
* New upstream version 10.6.3 (Closes: #894867, #894868, #894869)
Checksums-Sha1:
5e6c1d5316a03e025f9791d2f19e6c0e3b699b3e 2523 gitlab_10.6.3+dfsg-1.dsc
4caee2dd495f5ce58b20dd9f1cf7d399f52b2543 42803908
gitlab_10.6.3+dfsg.orig.tar.xz
5b47be5b9a0273f47d1453585ec4596aebfc6b7c 62116
gitlab_10.6.3+dfsg-1.debian.tar.xz
bfd3790e1aaab823e55a17e355ffa5c44a00537a 43263430 gitlab_10.6.3+dfsg-1_all.deb
27459b471d6a9de85064e2a19996a71c90cefd28 8285
gitlab_10.6.3+dfsg-1_amd64.buildinfo
Checksums-Sha256:
7fa0d00feabb0fb0a884969a4fb0c84d5e2884fd05c3ef3459aa5b37eb9f7df1 2523
gitlab_10.6.3+dfsg-1.dsc
b39f076c58aba00cbee9a4ffdd1da900d09b74570b2006abd2965264a8b744e3 42803908
gitlab_10.6.3+dfsg.orig.tar.xz
8a66c55220e37327ecc9faeaa9420e27d9546ffe81e95c4ce43b7230dd5c0904 62116
gitlab_10.6.3+dfsg-1.debian.tar.xz
5d3649e2322e67f49cb93dacf8684e680a61c7bfd200a5010f583ddf504b4940 43263430
gitlab_10.6.3+dfsg-1_all.deb
2fd173ab25f56b0a4fdad473f65c5add0f99b9505eddd15d7a145d09eb466cc2 8285
gitlab_10.6.3+dfsg-1_amd64.buildinfo
Files:
776215a4c9a793ed7eee8d7bbf755b6d 2523 contrib/net optional
gitlab_10.6.3+dfsg-1.dsc
b92585c7d6979986f67a90a042477bb4 42803908 contrib/net optional
gitlab_10.6.3+dfsg.orig.tar.xz
a2503776d60de6161efe3150e8ba57d3 62116 contrib/net optional
gitlab_10.6.3+dfsg-1.debian.tar.xz
b195ad78445a3aedd0f056582b846215 43263430 contrib/net optional
gitlab_10.6.3+dfsg-1_all.deb
9525dccde38763a931fe4260f7ddd87b 8285 contrib/net optional
gitlab_10.6.3+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEKnl0ri/BUtd4Z9pKzh+cZ0USwioFAlrF5TMACgkQzh+cZ0US
wipqVRAAi6La5Yebm/5HzylmCPpdiq4u35UbLcniSZAsLrfyYWhd2fEwKeTtLq9n
U3EbhdDy4xT9N9LQVf3BFo8CyGdTcSEmAvsyp252p32qJI6srpoOoCagv4R+tnrG
0YYZm1G9qlu4fyhHurTWfkK9s+A4jB2TdT98pC7Ad+QNdtXOfVL6v8gS1AGTeltD
DvQuUDcQVEoXcXpOeJovl9GGy8MlmJeK8L3Dd2JkZJmbQ5HIfjKwT2HbdQOaYpAI
zSAfPjRxOQ/qupvfJbJzfStc7MccJal7wWrTgYCOC6N1I+XfFg3dA3zzXQ/hNZRq
OcDsPCnt7GttttRoarG+BXRuTXwjkO7OTWiDGziaFr4Hm6cnmX5UpMdgUoHPkkdi
5OnKIrcuxDPxgtf/cJ/tXF//y1/Fcg3M3+J06ImxnPsZE9yNeEPGGgxlP9AH5QXT
8wgLM5VsqVvig35Bz36m18AGVP4rNFgyjRw1LJdGf2+PFkzSZeZPwu8e3C0HNFu2
iDjWL7ex7oml5cuEvdAssEXN3zTC1NUrNFn24n5K5IgptQcC9MoHeMLJc7ss1R0A
iDsAtdeuP4HVs7t/rLxE+GQZmhcJYmQMAAUzfW8Q42wc5NkWmx0lhaSJ6tDUpcdj
OCiYlEaq6mmbkR2uYs2vVrOs/D02o2gs2xsbupEX4wYcGwuManM=
=au0m
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers