Debian Package Tracker
Register | Log in
Subscribe

gitlab

git powered software platform to collaborate on code (non-omnibus)

Choose email to subscribe with

general
  • source: gitlab (main)
  • version: 17.6.5-15
  • maintainer: Debian Ruby Team (archive) (DMD)
  • uploaders: Pirate Praveen [DMD] – Utkarsh Gupta [DMD] – Cédric Boutillier [DMD] – Balasankar C [DMD] – Sruthi Chandran [DMD]
  • arch: all any
  • std-ver: 4.6.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • unstable: 17.6.5-15
versioned links
  • 17.6.5-15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • gitlab (39 bugs: 2, 33, 4, 0)
  • gitlab-workhorse
action needed
Debci reports failed tests high
  • unstable: fail (log)
    The tests ran in 0:01:05
    Last run: 2025-05-03T06:16:18.000Z
    Previous status: unknown

  • testing: fail (log)
    The tests ran in 0:12:14
    Last run: 2019-01-19T01:29:51.000Z
    Previous status: unknown

  • stable: fail (log)
    The tests ran in 0:00:22
    Last run: 2019-07-25T19:45:07.000Z
    Previous status: unknown

Created: 2018-12-15 Last update: 2025-05-14 11:02
A new upstream version is available: 17.11.2 high
A new upstream version 17.11.2 is available, you should consider packaging it.
Created: 2025-01-30 Last update: 2025-05-14 09:30
19 security issues in sid high

There are 19 open security issues in sid.

19 important issues:
  • CVE-2024-8186: An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.
  • CVE-2024-8973: An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.
  • CVE-2025-0362: An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.
  • CVE-2025-0475: An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
  • CVE-2025-0516: Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
  • CVE-2025-0549: An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
  • CVE-2025-0639: An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
  • CVE-2025-0652: An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only.
  • CVE-2025-0811: An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.
  • CVE-2025-1278: An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
  • CVE-2025-1677: A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports.
  • CVE-2025-1908: An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
  • CVE-2025-2242: An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.
  • CVE-2025-2255: An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.
  • CVE-2025-2408: An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information.
  • CVE-2024-10307: An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request.
  • CVE-2024-12380: An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.
  • CVE-2024-12619: An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects.
  • CVE-2024-13054: An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.
Created: 2024-02-21 Last update: 2025-05-10 07:04
Build log checks report 1 error high
Build log checks report 1 error
Created: 2024-02-20 Last update: 2024-02-20 00:32
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 10-day delay is over. Check why.
Created: 2025-05-13 Last update: 2025-05-14 11:32
5 bugs tagged patch in the BTS normal
The BTS contains patches fixing 5 bugs, consider including or untagging them.
Created: 2025-01-06 Last update: 2025-05-14 11:30
lintian reports 54 warnings normal
Lintian reports 54 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2025-04-17 Last update: 2025-05-03 09:00
debian/patches: 16 patches to forward upstream low

Among the 21 debian patches available in version 17.6.5-15 of the package, we noticed the following issues:

  • 16 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-06-12 Last update: 2025-05-03 10:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).
Created: 2023-06-12 Last update: 2025-05-02 23:33
testing migrations
  • excuses:
    • Migration status for gitlab (- to 17.6.5-15): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
    • ∙ ∙ Updating gitlab would introduce bugs in testing: #1103306, #983915
    • ∙ ∙ autopkgtest for gitlab/17.6.5-15: amd64: Regression or new test ♻, arm64: Regression or new test ♻, armel: Regression or new test ♻, armhf: Regression or new test ♻, i386: Regression or new test ♻, ppc64el: Regression or new test ♻, riscv64: Regression or new test ♻, s390x: Regression or new test ♻
    • ∙ ∙ blocked by freeze: is not in testing
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/g/gitlab.html
    • ∙ ∙ Reproducible on amd64 - info ♻
    • ∙ ∙ Reproducible on arm64 - info ♻
    • ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
    • ∙ ∙ Reproducible on i386 - info ♻
    • ∙ ∙ 11 days old (needed 10 days)
    • Not considered
news
[rss feed]
  • [2025-05-02] Accepted gitlab 17.6.5-15 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-30] Accepted gitlab 17.6.5-14 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-22] Accepted gitlab 17.6.5-13 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-21] Accepted gitlab 17.6.5-12 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-19] Accepted gitlab 17.6.5-11 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-19] Accepted gitlab 17.6.5-10 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-17] Accepted gitlab 17.6.5-9 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-17] Accepted gitlab 17.6.5-8 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-16] Accepted gitlab 17.6.5-7 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-16] Accepted gitlab 17.6.5-6 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-15] Accepted gitlab 17.6.5-5 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-11] Accepted gitlab 17.6.5-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-11] Accepted gitlab 17.6.5-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-09] Accepted gitlab 17.6.5-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-06] Accepted gitlab 17.6.5-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-04] Accepted gitlab 17.5.5-6 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-04] Accepted gitlab 17.5.5-5 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-04] Accepted gitlab 17.5.5-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-03] Accepted gitlab 17.5.5-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-02] Accepted gitlab 17.5.5-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-04-02] Accepted gitlab 17.5.5-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-03-13] Accepted gitlab 17.3.5-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2025-01-29] Accepted gitlab 17.3.5-2 (source) into unstable (Ananthu C V)
  • [2024-12-01] Accepted gitlab 17.3.5-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2024-10-30] Accepted gitlab 17.0.8-4 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2024-10-28] Accepted gitlab 17.0.8-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2024-10-12] Accepted gitlab 17.0.8-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2024-10-11] Accepted gitlab 17.0.8-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2024-07-17] Accepted gitlab 16.11.6-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • [2024-07-16] Accepted gitlab 16.11.6-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
  • 1
  • 2
bugs [bug history graph]
  • all: 40 41
  • RC: 2
  • I&N: 34 35
  • M&W: 4
  • F&P: 0
  • patch: 5
links
  • homepage
  • lintian (0, 54)
  • buildd: logs, checks, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing