Your message dated Sun, 11 Dec 2016 16:48:39 +0000
with message-id <e1cg7il-000ecb...@fasolo.debian.org>
and subject line Bug#847157: fixed in gitlab 8.13.6+dfsg2-2
has caused the Debian Bug report #847157,
regarding gitlab: CVE-2016-9469
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
847157: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847157
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gitlab
Version: 8.13.3+dfsg1-2
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for gitlab.

CVE-2016-9469[0]:
|Denial-of-Service and Data Corruption Vulnerability in Issue and Merge
|Request Trackers

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9469
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9469
[1] https://about.gitlab.com/2016/12/05/cve-2016-9469/

According to upstream all 8.13.0 through 8.13.7 are affected.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 8.13.6+dfsg2-2

We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 847...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated gitlab package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 11 Dec 2016 22:06:59 +0530
Source: gitlab
Binary: gitlab
Architecture: source
Version: 8.13.6+dfsg2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
 gitlab     - git powered software platform to collaborate on code
Closes: 847114 847157 847337 847420
Changes:
 gitlab (8.13.6+dfsg2-2) unstable; urgency=medium
 .
   * Add patch cve-2016-9469.diff (Fixes: CVE-2016-9469) (Closes: #847157)
   * Use ruby-jquery-ui-rails 6 (Closes: #847337)
   * Enable more tests
   * Use -C for specifying sidekiq queues, Thanks to Justin F. Hallett
     (Closes: #847114)
   * Add dpkg trigger to refresh Gemfile.lock if a dependency is changed
     (Closes: #847420)
Checksums-Sha1:
 a1b5f705ca29a95baacef0b6c330fe9aa64b47c8 2492 gitlab_8.13.6+dfsg2-2.dsc
 e2bf3a0b3201918d5b6b9c3191156bea24aaf8c6 45140 gitlab_8.13.6+dfsg2-2.debian.tar.xz
Checksums-Sha256:
 0c2afd62c76495b2b35d7ae229b11b049246cb1528440d21c5eb3f0f167b7c1c 2492 gitlab_8.13.6+dfsg2-2.dsc
 6acb1cb34c3c93db5872b42086deb4fa08f0ed319084f2bb509e4a1876e80f9a 45140 gitlab_8.13.6+dfsg2-2.debian.tar.xz
Files:
 ee22558032bccd6c83ad79468fb3bb93 2492 ruby optional gitlab_8.13.6+dfsg2-2.dsc
 c7446213e1bb822827860ea4d83fbb9d 45140 ruby optional gitlab_8.13.6+dfsg2-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
