Your message dated Thu, 21 Mar 2019 19:20:15 +0000
with message-id <e1h73ed-0002hp...@fasolo.debian.org>
and subject line Bug#925196: fixed in gitlab 11.8.3-1
has caused the Debian Bug report #925196,
regarding gitlab: CVE-2019-9866: Project Runner Token Exposed Through Issues
Quick Actions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
925196: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925196
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 11.8.2-3
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for gitlab.
CVE-2019-9866[0]:
Project Runner Token Exposed Through Issues Quick Actions
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9866
[1] https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 11.8.3-1
We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 925...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sruthi Chandran <s...@disroot.org> (supplier of updated gitlab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Mar 2019 00:19:33 +0530
Source: gitlab
Binary: gitlab gitlab-common
Architecture: source
Version: 11.8.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Sruthi Chandran <s...@disroot.org>
Description:
gitlab - git powered software platform to collaborate on code (non-omnibus
gitlab-common - git powered software platform to collaborate on code (common)
Closes: 925196
Changes:
gitlab (11.8.3-1) unstable; urgency=high
.
[ Pirate Praveen ]
* Set minimum version of git to 2.18
.
[ Sruthi Chandran ]
* New upstream version 11.8.3 (Closes: #925196) (Fixes: CVE-2019-9866)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---