[DRE-maint] Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 26 14:02:05 UTC 2018
Source: gitlab
Version: 8.13.11+dfsg1-12
Severity: grave
Tags: upstream security
Hi
See
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
for which several go back to 8.9.0 versions.
There are three CVEs out of
https://security-tracker.debian.org/tracker/source-package/gitlab
belonging to that list which are yet marked undetermined, because it is
not clear from the advisory if 8.13.11+dfsg1-12 might be affected.
But assuming the 'version affected' information is correct, they are
not; please confirm so we can adjust the security-tracker information.
Regards,
Salvatore
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled