Your message dated Mon, 06 May 2019 09:04:12 +0000
with message-id <[email protected]>
and subject line Bug#928221: fixed in gitlab 11.8.9+dfsg-1
has caused the Debian Bug report #928221,
regarding gitlab: CVE-2019-11544 CVE-2019-11546 CVE-2019-11547 CVE-2019-11548 
CVE-2019-11549
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
928221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928221
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gitlab
Version: 11.8.6+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for gitlab.

CVE-2019-11544[0]:
Notification Emails Sent to Restricted Users

CVE-2019-11546[1]:
Merge Request Approval Count Inflation

CVE-2019-11547[2]:
Unsanitized Branch Names on New Merge Request Notification Emails

CVE-2019-11548[3]:
Unauthorized Comments on Confidential Issues

CVE-2019-11549[4]:
Improper Sanitation of Credentials in Gitaly

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11544
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11544
[1] https://security-tracker.debian.org/tracker/CVE-2019-11546
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11546
[2] https://security-tracker.debian.org/tracker/CVE-2019-11547
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11547
[3] https://security-tracker.debian.org/tracker/CVE-2019-11548
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11548
[4] https://security-tracker.debian.org/tracker/CVE-2019-11549
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11549
[5] https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gitlab
Source-Version: 11.8.9+dfsg-1

We believe that the bug you reported is fixed in the latest version of
gitlab, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <[email protected]> (supplier of updated gitlab package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 May 2019 01:20:45 +0530
Source: gitlab
Binary: gitlab gitlab-common
Architecture: source
Version: 11.8.9+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Utkarsh Gupta <[email protected]>
Description:
 gitlab     - git powered software platform to collaborate on code (non-omnibus
 gitlab-common - git powered software platform to collaborate on code (common)
Closes: 928221
Changes:
 gitlab (11.8.9+dfsg-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version 11.8.9 (Fixes: CVE-2019-11544, CVE-2019-11546,
     CVE-2019-11547, CVE-2019-11548, CVE-2019-11549) (Closes: #928221)
   * Update d/patches/*

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
