On Fri, Jan 26, 2018 at 10:14:16PM +0530, Pirate Praveen wrote: > On വെള്ളി 26 ജനുവരി 2018 07:32 വൈകു, Salvatore Bonaccorso wrote: > > See > > https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ > > for which several go back to 8.9.0 versions. > > > > There are three CVEs out of > > https://security-tracker.debian.org/tracker/source-package/gitlab > > belonging to that list wich are yet marked undetermined, because not > > clear from the advisory if 8.13.11=dfsg1-12 might be affected. > > But assuming the 'version affected' information is correct, they are > > not, please confirm so we can adjust the security-tracker information. > > We are working on backporting the patches (8.13.12 don't have most of > these patches). We will confirm once we go through all of it.
What's the status? Cheers, Moritz