[DRE-maint] Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

Moritz Mühlenhoff jmm at inutil.org
Wed Feb 14 18:37:54 UTC 2018


On Fri, Jan 26, 2018 at 10:14:16PM +0530, Pirate Praveen wrote:
> On വെള്ളി 26 ജനുവരി 2018 07:32 വൈകു, Salvatore Bonaccorso wrote:
> > See
> > https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
> > for which several go back to 8.9.0 versions.
> > 
> > There are three CVEs out of
> > https://security-tracker.debian.org/tracker/source-package/gitlab
> > belonging to that list wich are yet marked undetermined, because not
> > clear from the advisory if 8.13.11=dfsg1-12 might be affected.
> > But assuming the 'version affected' information is correct, they are
> > not, please confirm so we can adjust the security-tracker information.
> 
> We are working on backporting the patches (8.13.12 don't have most of
> these patches). We will confirm once we go through all of it.

What's the status?

Cheers,
        Moritz



More information about the Pkg-ruby-extras-maintainers mailing list