[DRE-maint] Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

Salvatore Bonaccorso carnil at debian.org
Fri Jan 26 14:02:05 UTC 2018


Source: gitlab
Version: 8.13.11+dfsg1-12
Severity: grave
Tags: upstream security

Hi 

See
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
for which several go back to 8.9.0 versions.

There are three CVEs out of
https://security-tracker.debian.org/tracker/source-package/gitlab
belonging to that list which are yet marked undetermined, because it is not
clear from the advisory if 8.13.11+dfsg1-12 might be affected.
But assuming the 'version affected' information is correct, they are
not, please confirm so we can adjust the security-tracker information.

Regards,
Salvatore


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


