Hi,

On Sat, 6 May 2017 10:43:13 +0200 Tomasz Buchert <tom...@debian.org> wrote:
>
> Hi,
> in this case I'm going to close my request in #861914, and let you
> take care of it.

I just confirmed that this vulnerability does not apply to the GitLab version we have in Debian. This is because the SVG rendering feature was introduced in a later version and this vulnerability applies only to the ones with that feature.

So, I will be reverting the commit I pushed to the gitlab source repository in alioth and once 8.13.11+dfsg1-5 migrates to Testing, all will be well.

Thanks for the report, Salvatore, and the help, Tomasz. It's encouraging to see others are also looking at this package.

Because of the above reasons, I will be closing this issue.