gitlab - Debian Package Tracker

general

source: gitlab (contrib)
version: 13.4.7-2
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Sruthi Chandran [DMD] – Cédric Boutillier [DMD] – Balasankar C [DMD] – Utkarsh Gupta [DMD] – Pirate Praveen [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 11.4.9+dfsg-2~bpo9+1
unstable: 13.4.7-2
exp: 13.7.8+ds1-1

versioned links

11.4.9+dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
13.4.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
13.7.8+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gitlab (44 bugs: 4, 33, 7, 0)

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:02:44
Last run: 2021-04-14 10:29:07 UTC
Previous status: fail

testing: fail (log)
The tests ran in 0:12:14
Last run: 2019-01-19 01:29:51 UTC
Previous status: fail

stable: fail (log)
The tests ran in 0:00:22
Last run: 2019-07-25 19:45:07 UTC
Previous status: unknown

Created: 2018-12-15 Last update: 2021-04-15 06:07

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://gemwatch.debian.net/elasticsearch-model .*/elasticsearch-model-(6.1.*).tar.gz ignore

Created: 2020-06-29 Last update: 2021-04-15 05:00

A new upstream version is available: 13.10.2 high

A new upstream version 13.10.2 is available, you should consider packaging it.

Created: 2020-08-25 Last update: 2021-04-15 05:00

26 security issues in sid high

There are 26 open security issues in sid.

26 important issues:

CVE-2020-26414: An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
CVE-2021-22167: An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2021-22168: A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVE-2021-22171: Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2021-22172: Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page
CVE-2021-22176: An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
CVE-2021-22177: Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.
CVE-2021-22178: An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
CVE-2021-22179: A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature.
CVE-2021-22180: An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.
CVE-2021-22183: An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions.
CVE-2021-22184: An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
CVE-2021-22186: An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
CVE-2021-22188: An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs.
CVE-2021-22189: Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
CVE-2021-22190: A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
CVE-2021-22192: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
CVE-2021-22193: An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
CVE-2021-22194: In all versions of GitLab starting from 13.7, marshalled session keys were being stored in Redis.
CVE-2021-22196: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name.
CVE-2021-22197: An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other
CVE-2021-22198: An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.
CVE-2021-22200: An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.
CVE-2021-22201: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.
CVE-2021-22202: An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
CVE-2021-22203: An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server.

Created: 2021-02-19 Last update: 2021-04-14 05:31

lintian reports 59 errors and 83 warnings high

Lintian reports 59 errors and 83 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-04-11 10:16

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 20-day delay is over. Check why.

Created: 2020-12-22 Last update: 2021-04-15 06:04

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2019-11-16 Last update: 2021-04-15 06:01

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2020-10-19 Last update: 2021-04-15 06:01

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 13.9.5+ds1-1, distribution experimental) and new commits in its VCS. You should consider whether it's time to make an upload.

https://salsa.debian.org/api/v4/projects/ruby-team%2Fgitlab/pipelines?scope=finished&per_page=1 API request failed: 403 Forbidden at /srv/qa.debian.org/data/vcswatch/vcswatch line 403.

Created: 2021-03-08 Last update: 2021-04-09 09:00

testing migrations

excuses:
- Migrates after: gitaly, ruby-jquery-atwho-rails
- Migration status for gitlab (- to 13.4.7-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating gitlab introduces new bugs: #915050, #983480, #983915, #983924, #984828
- autopkgtest for gitlab/13.4.7-2: amd64: Regression ♻ , arm64: Regression ♻ , armhf: Regression ♻ , i386: Regression ♻ , ppc64el: Regression ♻
- blocked by freeze: is not in testing
- Depends: gitlab gitaly
- Depends: gitlab ruby-jquery-atwho-rails
- Additional info:
- Cannot be tested by piuparts (not a blocker) - (no link yet)
- 119 days old (needed 20 days)
- Not considered

news

[rss feed]

[2021-03-05] Accepted gitlab 13.7.8+ds1-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-03-02] Accepted gitlab 13.7.7-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-03-01] Accepted gitlab 13.7.7-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-02-25] Accepted gitlab 13.6.7-4 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-02-24] Accepted gitlab 13.6.7-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-02-19] Accepted gitlab 13.6.7-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-02-11] Accepted gitlab 13.6.7-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-02-04] Accepted gitlab 13.6.6-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2021-01-08] Accepted gitlab 13.5.6-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-17] Accepted gitlab 13.4.7-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-08] Accepted gitlab 13.4.7-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-12-06] Accepted gitlab 13.4.6-3 (source) into unstable (Sruthi Chandran)
[2020-12-03] Accepted gitlab 13.4.6-2 (source) into unstable (Sruthi Chandran)
[2020-11-27] Accepted gitlab 13.4.6-1 (source) into experimental (Sruthi Chandran)
[2020-11-07] Accepted gitlab 13.3.9-1 (source all) into unstable (Abraham Raji) (signed by: Praveen Arimbrathodiyil)
[2020-11-02] Accepted gitlab 13.3.8-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-10-11] Accepted gitlab 13.2.10-1 (source all) into unstable (Abraham Raji) (signed by: Praveen Arimbrathodiyil)
[2020-09-06] Accepted gitlab 13.2.8-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-09-03] Accepted gitlab 13.2.8-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-20] Accepted gitlab 13.2.6-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-20] Accepted gitlab 13.2.6-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-19] Accepted gitlab 13.2.6-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-18] Accepted gitlab 13.2.5-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-11] Accepted gitlab 13.2.3-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-09] Accepted gitlab 13.2.3-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-08-08] Accepted gitlab 13.1.6-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-07-16] Accepted gitlab 13.1.4-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2020-07-12] Accepted gitlab 13.1.4-1 (source all) into experimental, experimental (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-07-12] Accepted gitlab 13.1.3-1 (source all) into experimental, experimental (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)
[2020-07-12] Accepted gitlab 13.1.2-1 (source all) into experimental, experimental (Debian FTP Masters) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 45
RC: 5
I&N: 33
M&W: 7
F&P: 0
patch: 4
help: 1

links

homepage
lintian (59, 83)
buildd: logs, exp, clang
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci