From faa6a34a17ef12fe29fd39cf29b0f2889bfa6144 Mon Sep 17 00:00:00 2001
From: Jacob Vosmaer <contact@jacobvosmaer.nl>
Date: Sat, 2 Nov 2013 17:05:06 +0100
Subject: [PATCH] Bump gitlab-shell in 5.4 and 6.2

---
 doc/update/5.3-to-5.4.md |  4 ++--
 doc/update/6.1-to-6.2.md | 22 +++++++++++++++-------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/doc/update/5.3-to-5.4.md b/doc/update/5.3-to-5.4.md
index c37cb3e45ce..9e60f3bb8d5 100644
--- a/doc/update/5.3-to-5.4.md
+++ b/doc/update/5.3-to-5.4.md
@@ -22,7 +22,7 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
 ```bash
 cd /home/git/gitlab
 sudo -u git -H git fetch
-sudo -u git -H git checkout 5-4-stable
+sudo -u git -H git checkout 5-4-stable # Latest version of 5-4-stable addresses CVE-2013-4489
 ```
 
 ### 3. Update gitlab-shell
@@ -30,7 +30,7 @@ sudo -u git -H git checkout 5-4-stable
 ```bash
 cd /home/git/gitlab-shell
 sudo -u git -H git fetch
-sudo -u git -H git checkout v1.5.0
+sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
 ```
 
 ### 4. Install libs, migrations, etc.
diff --git a/doc/update/6.1-to-6.2.md b/doc/update/6.1-to-6.2.md
index 0970f458f70..2b5ad2a73ad 100644
--- a/doc/update/6.1-to-6.2.md
+++ b/doc/update/6.1-to-6.2.md
@@ -24,17 +24,25 @@ sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
 ```bash
 cd /home/git/gitlab
 sudo -u git -H git fetch
-sudo -u git -H git checkout 6-2-stable
+sudo -u git -H git checkout 6-2-stable # Latest version of 6-2-stable addresses CVE-2013-4489
 ```
 
-### 3. Install additional packages
+### 3. Update gitlab-shell
+
+```bash
+cd /home/git/gitlab-shell
+sudo -u git -H git fetch
+sudo -u git -H git checkout v1.7.4 # Addresses CVE-2013-4490
+```
+
+### 4. Install additional packages
 
 ```bash
 # Add support for lograte for better log file handling
 sudo apt-get install logrotate
 ```
 
-### 4. Install libs, migrations, etc.
+### 5. Install libs, migrations, etc.
 
 ```bash
 cd /home/git/gitlab
@@ -52,7 +60,7 @@ sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
 sudo -u git -H bundle exec rake cache:clear RAILS_ENV=production
 ```
 
-### 5. Update config files
+### 6. Update config files
 
 TIP: to see what changed in gitlab.yml.example in this release use next command: 
 
@@ -74,7 +82,7 @@ sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers
 sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
 ```
 
-### 6. Update Init script
+### 7. Update Init script
 
 ```bash
 sudo rm /etc/init.d/gitlab
@@ -82,12 +90,12 @@ sudo curl --output /etc/init.d/gitlab https://raw.github.com/gitlabhq/gitlabhq/6
 sudo chmod +x /etc/init.d/gitlab
 ```
 
-### 7. Start application
+### 8. Start application
 
     sudo service gitlab start
     sudo service nginx restart
 
-### 8. Check application status
+### 9. Check application status
 
 Check if GitLab and its environment are configured correctly:
 
-- 
GitLab