Your message dated Thu, 14 Mar 2019 12:49:51 +0000
with message-id <e1h4pnz-000hek...@fasolo.debian.org>
and subject line Bug#924447: fixed in gitlab 11.8.2-1
has caused the Debian Bug report #924447,
regarding gitlab: CVE-2019-9170 CVE-2019-9171 CVE-2019-9172 CVE-2019-9174
CVE-2019-9175 CVE-2019-9176 CVE-2019-9178 CVE-2019-9179 CVE-2019-9217
CVE-2019-9219 CVE-2019-9220 CVE-2019-9221 CVE-2019-9222 CVE-2019-9223
CVE-2019-9224 CVE-2019-9225 CVE-2019-9485
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
924447: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924447
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 11.5.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 11.8.0-1
Hi,
The following vulnerabilities were published for gitlab, filing for
tracking purposes.
CVE-2019-9170[0]:
IDOR milestone name information disclosure
CVE-2019-9171[1]:
Milestone name disclosure
CVE-2019-9172[2]:
Merge request information disclosure
CVE-2019-9174[3]:
Blind SSRF in prometheus integration
CVE-2019-9175[4]:
Burndown chart information disclosure
CVE-2019-9176[5]:
CSRF add Kubernetes cluster integration
CVE-2019-9178[6]:
Private merge request titles in public project information disclosure
CVE-2019-9179[7]:
Private namespace disclosure in email notification when issue is moved
CVE-2019-9217[8]:
NPM automatic package referencer
CVE-2019-9219[9]:
Issue board name disclosure
CVE-2019-9220[10]:
Issue DoS via Mermaid
CVE-2019-9221[11]:
Arbitrary file read via MergeRequestDiff
CVE-2019-9222[12]:
Path traversal snippet mover
CVE-2019-9223[13]:
Information disclosure repo existence
CVE-2019-9224[14]:
Milestone name disclosure
CVE-2019-9225[15]:
Issue board name disclosure
CVE-2019-9485[16]:
Privilege escalation impersonate user
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9170
[1] https://security-tracker.debian.org/tracker/CVE-2019-9171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9171
[2] https://security-tracker.debian.org/tracker/CVE-2019-9172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9172
[3] https://security-tracker.debian.org/tracker/CVE-2019-9174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9174
[4] https://security-tracker.debian.org/tracker/CVE-2019-9175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9175
[5] https://security-tracker.debian.org/tracker/CVE-2019-9176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9176
[6] https://security-tracker.debian.org/tracker/CVE-2019-9178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9178
[7] https://security-tracker.debian.org/tracker/CVE-2019-9179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9179
[8] https://security-tracker.debian.org/tracker/CVE-2019-9217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9217
[9] https://security-tracker.debian.org/tracker/CVE-2019-9219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9219
[10] https://security-tracker.debian.org/tracker/CVE-2019-9220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9220
[11] https://security-tracker.debian.org/tracker/CVE-2019-9221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9221
[12] https://security-tracker.debian.org/tracker/CVE-2019-9222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9222
[13] https://security-tracker.debian.org/tracker/CVE-2019-9223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9223
[14] https://security-tracker.debian.org/tracker/CVE-2019-9224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9224
[15] https://security-tracker.debian.org/tracker/CVE-2019-9225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9225
[16] https://security-tracker.debian.org/tracker/CVE-2019-9485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9485
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 11.8.2-1
We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 924...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sruthi Chandran <s...@disroot.org> (supplier of updated gitlab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Mar 2019 17:09:17 +0530
Source: gitlab
Binary: gitlab gitlab-common
Architecture: source
Version: 11.8.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sruthi Chandran <s...@disroot.org>
Description:
gitlab - git powered software platform to collaborate on code (non-omnibus)
gitlab-common - git powered software platform to collaborate on code (common)
Closes: 924447
Changes:
gitlab (11.8.2-1) experimental; urgency=medium
.
* New upstream version 11.8.2 (Closes: #924447) (Fixes: CVE-2019-9170,
CVE-2019-9171, CVE-2019-9172, CVE-2019-9174, CVE-2019-9175, CVE-2019-9176,
CVE-2019-9178, CVE-2019-9179, CVE-2019-9217, CVE-2019-9219, CVE-2019-9220,
CVE-2019-9221, CVE-2019-9222, CVE-2019-9223, CVE-2019-9224, CVE-2019-9225,
CVE-2019-9485)
* Refresh patches and remove 0120-remove-tracing-group.patch
* Embed opentracing, jaeger-client and thrift
--- End Message ---