[DRE-maint] Bug#872190: gitlab: CVE-2017-12426: Remote Command Execution in git client

Pirate Praveen praveen at debian.org
Thu Aug 17 12:54:43 UTC 2017


On Tue, 15 Aug 2017 07:40:59 +0200 Salvatore Bonaccorso <carnil at debian.org> wrote:
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This is already fixed in git 1:2.11.0-3+deb9u1. The patch in gitlab is
an extra step to prevent it in case of a vulnerable git. Since Debian already
has the fixed version of git, I don't think we need to do anything to
gitlab.
