Your message dated Wed, 05 Jun 2019 08:39:18 +0000
with message-id <e1hyrs2-000gen...@fasolo.debian.org>
and subject line Bug#930004: fixed in gitlab 11.10.5+dfsg-1
has caused the Debian Bug report #930004,
regarding gitlab: CVE-2019-12428 CVE-2019-12431 CVE-2019-12432 CVE-2019-12433 CVE-2019-12434 CVE-2019-12441 CVE-2019-12442 CVE-2019-12443 CVE-2019-12444 CVE-2019-12445 CVE-2019-12446
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930004
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 11.8.10+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerabilities were published for gitlab, see [11] for
a complete listing.
CVE-2019-12428[0]:
Mandatory External Authentication Provider Sign-In Restrictions Bypass
CVE-2019-12431[1]:
Disclosure of Milestone Metadata through the Search API
CVE-2019-12432[2]:
Confidential Issue Titles Revealed to Restricted Users on Unsubscribe
CVE-2019-12433[3]:
Internal Projects Allowed to Be Created in Private Groups
CVE-2019-12434[4]:
Private Project Discovery via Comment Links
CVE-2019-12441[5]:
Protected Branches Restriction Rules Bypass
CVE-2019-12442[6]:
Stored Cross-Site Scripting Vulnerability on Child Epics
CVE-2019-12443[7]:
Server-Side Request Forgery Through DNS Rebinding
CVE-2019-12444[8]:
Stored Cross-Site Scripting on Wiki Pages
CVE-2019-12445[9]:
Stored Cross-Site Scripting on Notes
CVE-2019-12446[10]:
Repository Password Disclosed on Import Error Page
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-12428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12428
[1] https://security-tracker.debian.org/tracker/CVE-2019-12431
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12431
[2] https://security-tracker.debian.org/tracker/CVE-2019-12432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12432
[3] https://security-tracker.debian.org/tracker/CVE-2019-12433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12433
[4] https://security-tracker.debian.org/tracker/CVE-2019-12434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12434
[5] https://security-tracker.debian.org/tracker/CVE-2019-12441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12441
[6] https://security-tracker.debian.org/tracker/CVE-2019-12442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12442
[7] https://security-tracker.debian.org/tracker/CVE-2019-12443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12443
[8] https://security-tracker.debian.org/tracker/CVE-2019-12444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12444
[9] https://security-tracker.debian.org/tracker/CVE-2019-12445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12445
[10] https://security-tracker.debian.org/tracker/CVE-2019-12446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12446
[11] https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 11.10.5+dfsg-1
We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 930...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated gitlab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 05 Jun 2019 12:35:18 +0530
Source: gitlab
Architecture: source
Version: 11.10.5+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Closes: 930004
Changes:
gitlab (11.10.5+dfsg-1) experimental; urgency=medium
.
[ Pirate Praveen ]
* New upstream security release 11.10.5+dfsg (Closes: #930004)
(Fixes: CVE-2019-12428, CVE-2019-12431, CVE-2019-12432, CVE-2019-12433,
CVE-2019-12434, CVE-2019-12441, CVE-2019-12442, CVE-2019-12443,
CVE-2019-12444, CVE-2019-12445, CVE-2019-12446)
* Arrange changelog in chronological order
* Refresh patches
.
[ Abhijith PA ]
* Update changelog
Checksums-Sha1:
4bfeda88b17f76115fd79d236afc76cf444280fa 2354 gitlab_11.10.5+dfsg-1.dsc
61db48801a2052450ad74dfecac7a656130c3bfd 54066436 gitlab_11.10.5+dfsg.orig.tar.xz
61ee3f6a864b674a2edeeb6647bc633161539d1d 1254784 gitlab_11.10.5+dfsg-1.debian.tar.xz
b9c9b6780bf4e585f1fc2b46e7b415f53716a57c 8813 gitlab_11.10.5+dfsg-1_amd64.buildinfo
Checksums-Sha256:
4f7d0ac139f4a5497172113eb5cfe45a2f9be7fe72e5fc2a84ef21d368b25459 2354 gitlab_11.10.5+dfsg-1.dsc
6e6a000afb6335d34702c49ad870c440ea52bb579d12f6c5887bddba7f55e7bd 54066436 gitlab_11.10.5+dfsg.orig.tar.xz
1640f63d64c366ada41f49fe5d61384ec0da4e85ded09a40c44cd3a01cd05b14 1254784 gitlab_11.10.5+dfsg-1.debian.tar.xz
0c2650c903c71e30fb3f1a0347360e5544a336422d26a180e636606c87392985 8813 gitlab_11.10.5+dfsg-1_amd64.buildinfo
Files:
6e1087a26331dade21e2ac80e0a00cf4 2354 net optional gitlab_11.10.5+dfsg-1.dsc
a9a2be09de93a80372db1ac205a320e8 54066436 net optional gitlab_11.10.5+dfsg.orig.tar.xz
94d7942b3c36ce5d678bdf5359e4213c 1254784 net optional gitlab_11.10.5+dfsg-1.debian.tar.xz
45085180abba5ea4a4203a8003c33925 8813 net optional gitlab_11.10.5+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
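The Checksums-Sha1, Checksums-Sha256 and Files stanzas in the closing message are the .changes manifest that the archive software and `dscverify` check after the OpenPGP signature. As an added example (not Debian's, dak's or the gitlab package's own code), here is a small Python verifier that parses those three stanzas, refuses a manifest whose sizes disagree between stanzas or that lists only MD5 for a file, and then checks every listed file's length and digests on disk. The manifest and files it runs on are constructed (all listed digests are those of the byte string "hello\n"), and the stanza layout it assumes is the standard one shown in the message. It does not verify the clearsigned signature itself; run `gpg --verify` on the .changes file first.

```python
"""Verify files against the Checksums-*/Files stanzas of a Debian .changes file.

Added example, not Debian tooling. Signature verification is out of scope.
"""
import hashlib
import os
import tempfile

# Stanza name -> digest algorithm of the first field on each line.
# Checksums-* lines are "<digest> <size> <name>";
# Files lines are       "<md5> <size> <section> <priority> <name>".
STANZAS = {
    "Checksums-Sha1": "sha1",
    "Checksums-Sha256": "sha256",
    "Files": "md5",
}


def parse_changes(text):
    """Return {filename: {"size": int, "sha1"/"sha256"/"md5": hexdigest}}.

    Only the three checksum stanzas are parsed; every other field is skipped.
    A size that differs between stanzas is rejected, as dpkg rejects it.
    """
    files = {}
    algo = None
    for raw in text.splitlines():
        if not raw.startswith((" ", "\t")):
            # Start of a new field (or a PGP armor line): is it a checksum stanza?
            algo = STANZAS.get(raw.split(":", 1)[0])
            continue
        if algo is None:
            continue  # continuation line of a field we do not care about
        parts = raw.split()
        if len(parts) < 3:
            raise ValueError("malformed checksum line: %r" % raw)
        digest, size, fname = parts[0].lower(), int(parts[1]), parts[-1]
        entry = files.setdefault(fname, {"size": size})
        if entry["size"] != size:
            raise ValueError("size of %s disagrees between stanzas" % fname)
        entry[algo] = digest
    return files


def verify_files(files, directory):
    """Check every listed file under `directory`; return {filename: status}.

    Status is "ok", "no sha256 listed", "missing", "size mismatch" or
    "<algo> mismatch". Every digest listed for a file must match; a size
    check alone is not enough, since a tampered file can keep its length.
    """
    results = {}
    for fname, expected in files.items():
        if "sha256" not in expected:
            results[fname] = "no sha256 listed"  # MD5-only manifests are not trusted
            continue
        # basename() so a hostile manifest cannot point outside the directory.
        path = os.path.join(directory, os.path.basename(fname))
        if not os.path.isfile(path):
            results[fname] = "missing"
            continue
        if os.path.getsize(path) != expected["size"]:
            results[fname] = "size mismatch"
            continue
        hashers = {a: hashlib.new(a) for a in ("sha256", "sha1", "md5") if a in expected}
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                for h in hashers.values():
                    h.update(chunk)
        bad = [a for a, h in hashers.items() if h.hexdigest() != expected[a]]
        results[fname] = bad[0] + " mismatch" if bad else "ok"
    return results


# Constructed sample manifest; every digest below is that of the bytes b"hello\n".
# The .buildinfo is listed in Files only, so it carries no SHA-256 at all.
SAMPLE_CHANGES = """\
Format: 1.8
Source: example
Checksums-Sha1:
 f572d396fae9206628714fb2ce00f72e94f2258f 6 example_1.0.orig.tar.xz
 f572d396fae9206628714fb2ce00f72e94f2258f 6 example_1.0-1.debian.tar.xz
 f572d396fae9206628714fb2ce00f72e94f2258f 6 example_1.0-1.dsc
Checksums-Sha256:
 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 example_1.0.orig.tar.xz
 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 example_1.0-1.debian.tar.xz
 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 example_1.0-1.dsc
Files:
 b1946ac92492d2347c6235b4d2611184 6 net optional example_1.0.orig.tar.xz
 b1946ac92492d2347c6235b4d2611184 6 net optional example_1.0-1.debian.tar.xz
 b1946ac92492d2347c6235b4d2611184 6 net optional example_1.0-1.dsc
 b1946ac92492d2347c6235b4d2611184 6 net optional example_1.0-1_amd64.buildinfo
"""


def demo():
    """Write constructed files to a temp dir and verify them; returns the status map."""
    files = parse_changes(SAMPLE_CHANGES)
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "example_1.0.orig.tar.xz"), "wb") as fh:
        fh.write(b"hello\n")  # intact
    with open(os.path.join(tmp, "example_1.0-1.debian.tar.xz"), "wb") as fh:
        fh.write(b"hellp\n")  # tampered, same length as the original
    with open(os.path.join(tmp, "example_1.0-1_amd64.buildinfo"), "wb") as fh:
        fh.write(b"hello\n")  # intact, but the manifest lists only MD5 for it
    # example_1.0-1.dsc is deliberately not written.
    return verify_files(files, tmp)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-32s %s" % (name, status))
```

Against a real download, feed `parse_changes()` the text of the .changes file and `verify_files()` the directory holding the .dsc, .orig.tar.xz and .debian.tar.xz; anything other than "ok" for every file means the build should not proceed.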