Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-03-12 Thread Balasankar C
Hi, As per the upstream blogpost, https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ , the applicability of the CVEs listed at https://security-tracker.debian.org/tracker/source-package/gitlab to the version of GitLab in Stretch is as follows. CVE-2018-3710 - Applicable to version

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-03-11 Thread Pirate Praveen
On Saturday 10 March 2018 11:25 PM, Pirate Praveen wrote: > I will attach a debdiff tomorrow with the CVEs we already backported. debdiff attached. diff -Nru gitlab-8.13.11+dfsg/debian/changelog gitlab-8.13.11+dfsg/debian/changelog --- gitlab-8.13.11+dfsg/debian/changelog2017-03-23

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-03-10 Thread Pirate Praveen
On Mon, 5 Mar 2018 17:18:00 +0530 Pirate Praveen wrote: > On Sunday 04 March 2018 10:29 PM, Moritz Mühlenhoff wrote: > > We're now almost two months in after the upstream security > > release. If this still isn't ready, that's a sign to me > > that we can't reasonably

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-03-05 Thread Pirate Praveen
On Sunday 04 March 2018 10:29 PM, Moritz Mühlenhoff wrote: > We're now almost two months in after the upstream security > release. If this still isn't ready, that's a sign to me > that we can't reasonably support it, so the next best option > is to end-of-life it and eventually ask for its

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-03-04 Thread Moritz Mühlenhoff
On Thu, Feb 15, 2018 at 09:53:25PM +0530, Pirate Praveen wrote: > On Thursday 15 February 2018 12:07 AM, Moritz Mühlenhoff wrote: > > What's the status? > > Cheers, > > Moritz > Some CVE patches are backported, but help is welcome, >

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-02-15 Thread Pirate Praveen
On Thursday 15 February 2018 12:07 AM, Moritz Mühlenhoff wrote: > What's the status? > Cheers, > Moritz Some CVE patches are backported, but help is welcome, https://salsa.debian.org/ruby-team/gitlab/tree/master-8-13 https://pad.disroot.org/p/gitlab_security_bp

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-02-14 Thread Moritz Mühlenhoff
On Fri, Jan 26, 2018 at 10:14:16PM +0530, Pirate Praveen wrote: > On Friday 26 January 2018 07:32 PM, Salvatore Bonaccorso wrote: > > See > > https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ > > for which several go back to 8.9.0 versions. > > > > There are three CVEs out of >

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-01-26 Thread Pirate Praveen
On Friday 26 January 2018 07:32 PM, Salvatore Bonaccorso wrote: > See > https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ > for which several go back to 8.9.0 versions. > > There are three CVEs out of > https://security-tracker.debian.org/tracker/source-package/gitlab >

Bug#888508: gitlab: multiple CVEs from GitLab Security Release: 10.3.4, 10.2.6, and 10.1.6 advisory

2018-01-26 Thread Salvatore Bonaccorso
Source: gitlab Version: 8.13.11+dfsg1-12 Severity: grave Tags: upstream security Hi See https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ for which several go back to 8.9.0 versions. There are three CVEs out of https://security-tracker.debian.org/tracker/source-package/gitlab