Your message dated Sun, 18 Nov 2018 08:46:33 +0530
with message-id <[email protected]>
and subject line Re: Bug#872190: gitlab: CVE-2017-12426: Remote Command 
Execution in git client
has caused the Debian Bug report #872190,
regarding gitlab: CVE-2017-12426: Remote Command Execution in git client
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
872190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872190
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gitlab
Version: 8.13.11+dfsg1-8
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212

Hi,

the following vulnerability was published for gitlab.

CVE-2017-12426[0]:
| GitLab Community Edition (CE) and Enterprise Edition (EE) before
| 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10,
| 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote
| attackers to execute arbitrary code via a crafted SSH URL in a project
| import.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12426
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12426
[1] https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
[2] https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
On Thu, 17 Aug 2017 19:16:38 +0200 Salvatore Bonaccorso <[email protected]> 
wrote:
> Can you close this bug once the gitlab
> version contains as well this extra safety measure if still running
> with older git?

We have 10.8.7 in buster and 11.1.8 in sid. Closing.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--- End Message ---
