
The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 LTS:
DLA 1387-1: cups security update

Debian GNU/Linux 9:
DSA 4206-2: gitlab regression update



DLA 1387-1: cups security update




Package : cups
Version : 1.5.3-5+deb7u8
CVE ID : CVE-2017-18248


CVE-2017-18248
It was found that by submitting a print job with an invalid username,
the CUPS server can be crashed, when D-Bus support is enabled (which
is the case for Debian).


For Debian 7 "Wheezy", these problems have been fixed in version
1.5.3-5+deb7u8.

We recommend that you upgrade your cups packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4206-2: gitlab regression update




-------------------------------------------------------------------------
Debian Security Advisory DSA-4206-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 26, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gitlab
Debian Bug : 900066

The gitlab security update announced as DSA-4206-1 caused regressions
when creating merge requests (returning 500 Internal Server Errors) due
to an issue in the patch to address CVE-2017-0920. Updated packages are
now available to correct this issue.

For the stable distribution (stretch), this problem has been fixed in
version 8.13.11+dfsg1-8+deb9u3.

We recommend that you upgrade your gitlab packages.

For the detailed security status of gitlab please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/gitlab

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/