Debian Package Tracker

general

source: gitlab (main)
version: 11.8.10+dfsg-1
maintainer: Debian Ruby Extras Maintainers (archive) (DMD)
uploaders: Balasankar C [DMD] – Sruthi Chandran [DMD] – Cédric Boutillier [DMD] – Pirate Praveen [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 11.4.9+dfsg-2~bpo9+1
unstable: 11.8.10+dfsg-1
exp: 12.0.9-1

versioned links

11.4.9+dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.8.10+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
12.0.9-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gitlab (37 bugs: 0, 30, 7, 0)
gitlab-common (1 bugs: 0, 1, 0, 0)

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0h 2m 9s
Last run: 2019-09-19 21:26:43
Previous status: fail

Created: 2018-12-15 Last update: 2019-09-20 02:03

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://gitlab.com/gitlab-org/gitlab-ce/tags .*/gitlab-ce-v(\d[\d.]*)\.tar\.bz2

Created: 2019-09-16 Last update: 2019-09-20 01:01

42 security issues in sid high

There are 42 open security issues in sid.

42 important issues:

CVE-2019-12428:
CVE-2019-5468:
CVE-2019-5469:
CVE-2019-14942:
CVE-2019-13006:
CVE-2019-16170: An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
CVE-2019-13003:
CVE-2019-5466:
CVE-2019-5465:
CVE-2019-5462:
CVE-2019-5463: An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-15739: An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVE-2019-15734: An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
CVE-2019-15736: An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack.
CVE-2019-15737: An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
CVE-2019-15730: An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.
CVE-2019-15733: An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.
CVE-2019-12446:
CVE-2019-15729: An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
CVE-2019-15728: An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
CVE-2019-12445:
CVE-2019-15722: An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources.
CVE-2019-15721: An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
CVE-2019-15727: An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.
CVE-2019-15740: An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
CVE-2019-5470:
CVE-2019-14944:
CVE-2019-12434:
CVE-2019-12432:
CVE-2019-12433:
CVE-2019-12431:
CVE-2019-5464:
CVE-2019-12443:
CVE-2019-12442:
CVE-2019-12441:
CVE-2019-12444:
CVE-2019-5461: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVE-2019-13121:
CVE-2019-13009:
CVE-2019-15726: An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
CVE-2019-13011:
CVE-2019-13010:

Please fix them.

Created: 2019-06-03 Last update: 2019-09-19 06:38

lintian reports 1 error and 37 warnings high

Lintian reports 1 error and 37 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-21 Last update: 2019-09-14 02:35

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-06-05 Last update: 2019-09-20 01:38

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-09-20 01:32

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 12.0.9-2, distribution experimental) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 20fe75e0a5e8f0f984148ce79ea8aa570a27f804
Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date:   Mon Sep 16 22:38:03 2019 +0530

    Update d/ch

commit edd69c7b2d9f4190a57a0c7ad15b31bd786ea845
Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date:   Mon Sep 16 22:34:06 2019 +0530

    Add patch to bump asciidoctor

commit f0e043d3391495b7a90dff3e79d000e30997b0b8
Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date:   Mon Sep 16 22:31:22 2019 +0530

    Update d/control to update asciidoctor

Created: 2019-09-16 Last update: 2019-09-16 19:52

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:08

testing migrations

excuses:
- Migrates after: pdf.js
- Migration status for gitlab (- to 11.8.10+dfsg-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating gitlab introduces new bugs: #915050, #930004, #933785, #934708, #940007
- Not built on buildd: arch all binaries uploaded by abhijith@openmailbox.org, a new source-only upload is needed to allow migration
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/g/gitlab.html
- 112 days old (needed 5 days)
- Not considered

news

[rss feed]

[2019-09-12] Accepted gitlab 12.0.9-1 (source) into experimental (Nilesh) (signed by: Utkarsh Gupta)
[2019-09-11] Accepted gitlab 12.0.8-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-09-10] Accepted gitlab 12.0.8-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-09-07] Accepted gitlab 12.0.8-1 (source) into experimental (Sruthi Chandran) (signed by: Utkarsh Gupta)
[2019-08-14] Accepted gitlab 11.11.8+dfsg-1 (source) into experimental (Sruthi Chandran)
[2019-08-11] Accepted gitlab 11.11.7+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-07-07] Accepted gitlab 11.10.8+dfsg-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-06-05] Accepted gitlab 11.10.5+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-05-30] Accepted gitlab 11.8.10+dfsg-1 (source all) into unstable (Abhijith PA)
[2019-05-21] Accepted gitlab 11.10.4+dfsg-2 (source) into experimental (Utkarsh Gupta)
[2019-05-18] Accepted gitlab 11.10.4+dfsg-1 (source) into experimental (Utkarsh Gupta)
[2019-05-06] Accepted gitlab 11.8.9+dfsg-1 (source) into unstable (Utkarsh Gupta) (signed by: Praveen Arimbrathodiyil)
[2019-04-19] Accepted gitlab 11.8.6+dfsg-1 (source all) into unstable (Abhijith PA)
[2019-03-21] Accepted gitlab 11.8.3-1 (source) into unstable (Sruthi Chandran)
[2019-03-17] Accepted gitlab 11.8.2-3 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-03-15] Accepted gitlab 11.8.2-2 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-03-14] Accepted gitlab 11.8.2-1 (source) into experimental (Sruthi Chandran)
[2019-03-12] Accepted gitlab 11.8.0-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-02-18] Accepted gitlab 11.4.9+dfsg-2~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Abhijith PA)
[2019-02-13] Accepted gitlab 11.3.11+dfsg-1~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Abhijith PA)
[2019-02-02] Accepted gitlab 11.5.10+dfsg-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-02-02] Accepted gitlab 11.2.8+dfsg-2~bpo9+2 (source all) into stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-02-01] Accepted gitlab 11.2.8+dfsg-2~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2019-01-30] Accepted gitlab 11.1.8+dfsg-2~bpo9+1 (source all) into stretch-backports (Pirate Praveen) (signed by: Abhijith PA)
[2019-01-22] Accepted gitlab 11.5.7+dfsg-1 (source all) into unstable (Abhijith PA)
[2019-01-19] gitlab REMOVED from testing (Debian testing watch)
[2019-01-05] gitlab 11.5.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-03] Accepted gitlab 11.5.6+dfsg-1 (source all) into unstable (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2018-12-27] Accepted gitlab 11.6.0+dfsg-1 (source) into experimental (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2018-12-24] gitlab 11.5.5+dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 42
RC: 1
I&N: 31
M&W: 8
F&P: 2
patch: 2

links

homepage
buildd: logs, exp, clang
popcon
browse source code
edit tags
security tracker
screenshots
debci