[DRE-maint] Bug#872190: gitlab: CVE-2017-12426: Remote Command Execution in git client
Pirate Praveen
praveen at debian.org
Thu Aug 17 17:55:42 UTC 2017
On വ്യാഴം 17 ആഗസ്റ്റ് 2017 10:46 വൈകു, Salvatore Bonaccorso wrote:
> Agree, we can at least lower the severity and thanks a lot for the
> followup. The CVE seem to be specific assigned for the "via a crafted
> SSH URL in a project import". Can you close this bug once the gitlab
> version contains as well this extra safety measure if still running
> with older git?
yes.
> For the security tracker I have already downgraded the severity to
> unimportant.
thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20170817/64286b31/attachment-0001.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list