[DRE-maint] Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

Pirate Praveen praveen at debian.org
Fri Jan 26 16:44:16 UTC 2018


On Friday 26 January 2018 07:32 PM, Salvatore Bonaccorso wrote:
> See
> https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
> for which several go back to 8.9.0 versions.
> 
> There are three CVEs out of
> https://security-tracker.debian.org/tracker/source-package/gitlab
> belonging to that list which are yet marked undetermined, because not
> clear from the advisory if 8.13.11=dfsg1-12 might be affected.
> But assuming the 'version affected' information is correct, they are
> not, please confirm so we can adjust the security-tracker information.

We are working on backporting the patches (8.13.12 doesn't have most of
these patches). We will confirm once we go through all of it.
