Debian Package Tracker

general

source: gitlab (contrib)
version: 10.8.7+dfsg-1
maintainer: Debian Ruby Extras Maintainers (archive) [DMD]
uploaders: Balasankar C [DMD] – Cédric Boutillier [DMD] – Pirate Praveen [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable-sec: 8.13.11+dfsg1-8+deb9u3
testing: 10.8.7+dfsg-1
unstable: 10.8.7+dfsg-1

versioned links

8.13.11+dfsg1-8+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.8.7+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gitlab
gitlab-common

action needed

Marked for autoremoval on 12 December due to ruby-httparty: #912239 high

Version 10.8.7+dfsg-1 of gitlab is marked for autoremoval from testing on Wed 12 Dec 2018. It depends (transitively) on ruby-httparty, affected by #912239. You should try to prevent the removal by fixing these RC bugs.

Created: 2018-11-05 Last update: 2018-11-14 10:01

A new upstream version is available: 11.4.5 high

A new upstream version 11.4.5 is available, you should consider packaging it.

Created: 2018-05-01 Last update: 2018-11-14 09:41

19 security issues in sid high

There are 19 open security issues in sid.

19 important issues:

CVE-2018-17450:
CVE-2018-17449:
CVE-2018-18641:
CVE-2018-17537:
CVE-2018-17452:
CVE-2018-18640:
CVE-2018-16050: An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
CVE-2018-16049: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVE-2018-17536:
CVE-2018-17454:
CVE-2018-16051: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVE-2018-17455:
TEMP-0000000-DE2DCD:
CVE-2018-17453:
CVE-2018-18645:
TEMP-0000000-077068:
CVE-2018-18646:
CVE-2018-17451:
CVE-2018-15472:

Please fix them.

Created: 2018-05-30 Last update: 2018-11-10 16:29

19 security issues in buster high

There are 19 open security issues in buster.

19 important issues:

CVE-2018-17450:
CVE-2018-17449:
CVE-2018-18641:
CVE-2018-17537:
CVE-2018-17452:
CVE-2018-18640:
CVE-2018-16050: An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
CVE-2018-16049: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVE-2018-17536:
CVE-2018-17454:
CVE-2018-16051: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVE-2018-17455:
TEMP-0000000-DE2DCD:
CVE-2018-17453:
CVE-2018-18645:
TEMP-0000000-077068:
CVE-2018-18646:
CVE-2018-17451:
CVE-2018-15472:

Please fix them.

Created: 2018-10-25 Last update: 2018-11-10 16:29

19 security issues in stretch high

There are 19 open security issues in stretch.

19 important issues:

CVE-2018-17452:
CVE-2018-14364: GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
CVE-2018-18640:
CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
CVE-2018-18646:
CVE-2018-9243: GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-12606: An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2017-0921: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
CVE-2018-16049: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVE-2018-14603: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
TEMP-0894867-E5064B:
CVE-2018-16051: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVE-2018-17455:
TEMP-0902726-51ACFE:
TEMP-0000000-DE2DCD:
CVE-2018-18641:
CVE-2018-18645:
CVE-2017-0919: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
CVE-2018-15472:

Please fix them.

Created: 2018-03-23 Last update: 2018-11-10 16:29

lintian reports 12 warnings high

Lintian reports 12 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2018-10-20 05:17

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2018-10-01 Last update: 2018-11-14 11:05

12 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 11.1.8+dfsg-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 5bf2c358835ecb8372564fe46816e7295fc1a02e
Author: Pirate Praveen <praveen@debian.org>
Date:   Mon Nov 12 17:59:31 2018 +0530

    Refresh webpack patches

commit afed34ba3bb835ea0efb905978bad3f2979e5217
Author: Pirate Praveen <praveen@debian.org>
Date:   Mon Nov 12 16:50:17 2018 +0530

    Update lintian overrides

commit 0b1ca0fcb735c227fa45a35f18087e93ff92f223
Author: Pirate Praveen <praveen@debian.org>
Date:   Mon Nov 12 16:28:27 2018 +0530

    Allow doorkeeper 4.4

commit 503de87f72cd760e6b3c1f179bebd9a997206d9d
Author: Pirate Praveen <praveen@debian.org>
Date:   Sat Nov 10 22:40:14 2018 +0530

    install INSTALLATION_TYPE file

commit 6802f62b1d42148e18e2f7c061eec0cc723bb406
Author: Pirate Praveen <praveen@debian.org>
Date:   Sat Nov 10 22:37:21 2018 +0530

    Add graphql dependencies

commit 9998918b172e9c86e6513836e772a5cc3ed3d548
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 22:15:09 2018 +0530

    Tighten dependency versions

commit cfa971508f20dfa0a22231362cb8a647b896cbfc
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 21:25:13 2018 +0530

    Update files to be instaled and file count check

commit ea6a49adbe601a38d4ab5f10293737e70dc78c4e
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 20:39:57 2018 +0530

    Refresh patches

commit 31040b17159070adc9d0af59090d4716d1bda4e8
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 19:29:04 2018 +0530

    ee directory is no onger present in upstream tarball

commit 460acdb35f7ac1e22d4a53dbabd9636e4025a09b
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 19:28:41 2018 +0530

    Update changelog

commit ef232b12d60de9f58fb34d53d8585fadebb0dc50
Merge: dbbfd34d0 ecad3f3e6
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 19:24:36 2018 +0530

    Update upstream source from tag 'upstream/11.1.8+dfsg'
    
    Update to upstream version '11.1.8+dfsg'
    with Debian dir 3eac2e299cffac1dc360ebdb8a4c8e75a93bfe51

commit ecad3f3e663eaf426e6a649c53a3cc537a5b3c77
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Nov 8 19:23:39 2018 +0530

    New upstream version 11.1.8+dfsg

Created: 2018-11-08 Last update: 2018-11-13 12:03

RM: This package has been requested to be removed. normal

This package has been requested to be removed. This means that, when this request gets processed by an ftp-master, this package will no longer be in unstable, and will automatically be removed from testing too afterwards. If for some reason you want keep this package in unstable, please discuss so in the bug. Please see bug number #912972 for more information.

Created: 2018-11-05 Last update: 2018-11-05 13:31

news

[rss feed]

[2018-10-25] gitlab 10.8.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-10-19] Accepted gitlab 10.8.7+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-13] Accepted gitlab 10.7.7+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.7+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.7+dfsg-1 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.6+dfsg-2 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.6+dfsg-1 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.5+dfsg-3 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-06-03] Accepted gitlab 10.7.5+dfsg-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-06-03] Accepted gitlab 10.7.5+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-28] Accepted gitlab 8.13.11+dfsg1-8+deb9u3 (source all) into proposed-updates->stable-new, proposed-updates (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-28] Accepted gitlab 8.13.11+dfsg1-8+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-26] Accepted gitlab 8.13.11+dfsg1-8+deb9u3 (source all) into stable->embargoed, stable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-21] Accepted gitlab 8.13.11+dfsg1-8+deb9u2 (source all) into stable->embargoed, stable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-12] Accepted gitlab 10.7.3+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-02] Accepted gitlab 10.6.5+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-01] Accepted gitlab 10.6.5+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-29] Accepted gitlab 10.6.3+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-27] Accepted gitlab 10.6.3+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-05] Accepted gitlab 10.6.3+dfsg-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-04] Accepted gitlab 10.6.2+dfsg-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-30] Accepted gitlab 8.13.11+dfsg1-8+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-27] Accepted gitlab 10.6.0+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-26] Accepted gitlab 10.5.6+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-23] Accepted gitlab 10.5.5+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-22] Accepted gitlab 10.5.5+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-21] Accepted gitlab 10.5.5+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-18] Accepted gitlab 8.13.11+dfsg1-8+deb9u1 (source all) into stable->embargoed, stable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-01] Accepted gitlab 9.5.4+dfsg-7 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-28] Accepted gitlab 9.5.4+dfsg-6 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 34
RC: 0
I&N: 26
M&W: 7
F&P: 1
patch: 2

links

homepage
lintian (0, 12)
buildd: logs, clang
popcon
browse source code
edit tags
security tracker
screenshots