Your message dated Fri, 03 Jun 2016 13:18:51 +0000 with message-id <e1b8ozz-0000lh...@franck.debian.org> and subject line Bug#823290: fixed in gitlab 8.8.2+dfsg-1 has caused the Debian Bug report #823290, regarding gitlab: several security issues fixed by latest version (including CVE-2016-4340) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

-- 
823290: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823290
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: gitlab
Severity: serious

GitLab recently fixed several serious security issues:

https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/

CVE-2016-4340: Privilege escalation via "impersonate" feature
Privilege escalation via notes API
Privilege escalation via project webhook API
XSS vulnerability via branch and tag names
XSS vulnerability via custom issue tracker URL
XSS vulnerability via window.opener
XSS vulnerability via label drop-down
Information disclosure via milestone API
Information disclosure via snippet API
Information disclosure via project labels
Information disclosure via new merge request page

Please update the Debian gitlab package to the latest upstream.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 8.8.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of gitlab, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 823...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated gitlab package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 02 Jun 2016 22:27:15 +0530
Source: gitlab
Binary: gitlab
Architecture: source all
Version: 8.8.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
 gitlab - git powered software platform to collaborate on code
Closes: 821085 823290
Changes:
 gitlab (8.8.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #823290)
   * Refresh patches
   * Bump standards version to 3.9.8 (no changes)
   * Enable the pg_trgm extension for postgresql
   * Check if nginx site configuration directory is present before copying (Closes: #821085)
   * Symlink /run/gitlab/cache to /var/lib/gitlab/cache (or /run gets filled up)
   * Remove debconf db on purge
--- End Message ---