gitlab: CVE-2019-6781 CVE-2019-6782 CVE-2019-6783 CVE-2019-6784 CVE-2019-6785 CVE-2019-6786 CVE-2019-6787 CVE-2019-6788 CVE-2019-6789 CVE-2019-6790 CVE-2019-6791 CVE-2019-6792 CVE-2019-6794 CVE-2019-6795 CVE-2019-6796 CVE-2019-6960 CVE-2019-6995 CVE-2019-6997 CVE-2019-7155 CVE-2019-7176

Debian Bug report logs - #921059

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 1 Feb 2019 07:18:02 UTC

Severity: grave

Tags: security, upstream

Found in version gitlab/11.5.7+dfsg-1

Fixed in version gitlab/11.5.10+dfsg-1

Done: Pirate Praveen <praveen@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#921059; Package src:gitlab. (Fri, 01 Feb 2019 07:18:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>. (Fri, 01 Feb 2019 07:18:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gitlab: CVE-2019-6781 CVE-2019-6782 CVE-2019-6783 CVE-2019-6784 CVE-2019-6785 CVE-2019-6786 CVE-2019-6787 CVE-2019-6788 CVE-2019-6789 CVE-2019-6790 CVE-2019-6791 CVE-2019-6792 CVE-2019-6794 CVE-2019-6795 CVE-2019-6796 CVE-2019-6960 CVE-2019-6995 CVE-2019-6997 CVE-2019-7155 CVE-2019-7176
Date: Fri, 01 Feb 2019 08:15:27 +0100
Source: gitlab
Version: 11.5.7+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi

See
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
for details of the announcement and the fixes in 11.7.3, 11.6.8, and 11.5.10.

Regards,
Salvatore



Reply sent to Pirate Praveen <praveen@debian.org>:
You have taken responsibility. (Sat, 02 Feb 2019 15:24:03 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 02 Feb 2019 15:24:03 GMT).


Message #10 received at 921059-close@bugs.debian.org:

From: Pirate Praveen <praveen@debian.org>
To: 921059-close@bugs.debian.org
Subject: Bug#921059: fixed in gitlab 11.5.10+dfsg-1
Date: Sat, 02 Feb 2019 15:20:12 +0000
Source: gitlab
Source-Version: 11.5.10+dfsg-1

We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 921059@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <praveen@debian.org> (supplier of updated gitlab package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Feb 2019 18:14:16 +0530
Source: gitlab
Binary: gitlab gitlab-common
Architecture: source all
Version: 11.5.10+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Pirate Praveen <praveen@debian.org>
Description:
 gitlab     - git powered software platform to collaborate on code (non-omnibus
 gitlab-common - git powered software platform to collaborate on code (common)
Closes: 921059
Changes:
 gitlab (11.5.10+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 11.5.10+dfsg (Closes: #921059) (Fixes: CVE-2019-6781,
     CVE-2019-6782, CVE-2019-6783, CVE-2019-6784, CVE-2019-6785, CVE-2019-6786,
     CVE-2019-6787, CVE-2019-6788, CVE-2019-6789, CVE-2019-6790, CVE-2019-6791,
     CVE-2019-6792, CVE-2019-6794, CVE-2019-6795, CVE-2019-6796, CVE-2019-6960,
     CVE-2019-6995, CVE-2019-6997, CVE-2019-7155, CVE-2019-7176)
   * Refresh patches
   * Add ruby-zip as dependency
   * Relax dependency on ruby-carrierwave

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Mar 2019 07:38:10 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:08:45 2019; Machine Name: buxtehude
