Your message dated Wed, 14 Aug 2019 12:05:22 +0000
with message-id <e1hxs1q-0000p9...@fasolo.debian.org>
and subject line Bug#934708: fixed in gitlab 11.11.8+dfsg-1
has caused the Debian Bug report #934708,
regarding gitlab: CVE-2019-14942 CVE-2019-14944 (GitLab Critical Security Release: 12.1.6, 12.0.6, and 11.11.8)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
934708: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934708
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 11.8.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for gitlab, another round
of gitlab issues, where this time only two CVEs are affecting the
versions present in Debian.

CVE-2019-14942[0]:
Insecure Cookie Handling on GitLab Pages

CVE-2019-14944[1]:
Multiple Command-Line Flag Injection Vulnerabilities

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14942
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14942
[1] https://security-tracker.debian.org/tracker/CVE-2019-14944
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14944
[2] https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 11.11.8+dfsg-1

We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sruthi Chandran <s...@debian.org> (supplier of updated gitlab package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Aug 2019 17:14:06 +0530
Source: gitlab
Architecture: source
Version: 11.11.8+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sruthi Chandran <s...@debian.org>
Closes: 934708
Changes:
 gitlab (11.11.8+dfsg-1) experimental; urgency=medium
 .
   * New upstream security release 11.11.8+dfsg (Closes: #934708)
     (Fixes: CVE-2019-14942 CVE-2019-14944)
   * Remove embedded jaeger-client, opentracing and thrift

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---