Debian Package Tracker

general

source: gitlab (contrib)
version: 10.6.5+dfsg-2
maintainer: Debian Ruby Extras Maintainers (archive) [DMD]
uploaders: Balasankar C [DMD] – Cédric Boutillier [DMD] – Pirate Praveen [DMD]
arch: all
std-ver: 4.1.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 8.13.11+dfsg1-8+deb9u3
stable-sec: 8.13.11+dfsg1-8+deb9u3
unstable: 10.6.5+dfsg-2
exp: 10.7.5+dfsg-2
NEW/experimental: 10.7.7+dfsg-1

versioned links

8.13.11+dfsg1-8+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.6.5+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.7.5+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gitlab

action needed

A new upstream version is available: 11.3.0~rc11 high

A new upstream version 11.3.0~rc11 is available, you should consider packaging it.

Created: 2018-05-01 Last update: 2018-09-20 14:42

23 security issues in sid high

There are 23 open security issues in sid.

23 important issues:

CVE-2018-14602: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
TEMP-0902726-3BBE24:
CVE-2018-12605: An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
TEMP-0000000-AE4CBB:
CVE-2018-14606: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
TEMP-0900522-4405E2:
CVE-2018-14604: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
CVE-2018-14603: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
TEMP-0900522-A18AAE:
CVE-2017-0921: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
TEMP-0000000-007BFC:
TEMP-0900522-3AD97C:
TEMP-0900522-27F98D:
TEMP-0000000-077068:
TEMP-0000000-10F16C:
CVE-2018-12607: An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
TEMP-0000000-DE2DCD:
TEMP-0900522-7DE480:
CVE-2018-12606: An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2018-14605: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
TEMP-0902726-51ACFE:
TEMP-0900522-298D01:
CVE-2018-14364: GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

Please fix them.

Created: 2018-05-30 Last update: 2018-09-20 06:29

12 security issues in stretch high

There are 12 open security issues in stretch.

12 important issues:

CVE-2017-0921: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
TEMP-0000000-007BFC:
TEMP-0894867-E5064B:
TEMP-0000000-DE2DCD:
CVE-2018-12606: An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
TEMP-0000000-AE4CBB:
TEMP-0902726-51ACFE:
CVE-2018-9243: GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2017-0919: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
CVE-2018-14603: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
CVE-2018-14364: GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

Please fix them.

Created: 2018-03-23 Last update: 2018-09-20 06:29

lintian reports 2 errors and 38 warnings high

Lintian reports 2 errors and 38 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2018-07-08 06:13

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2018-05-07 Last update: 2018-09-20 14:52

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2017-10-11 Last update: 2018-09-20 10:33

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-09-20 10:33

4 new commits since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 10.7.7+dfsg-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 92a74b6aaad234279bdfca0acee9e30ff40bd60f
Author: Lucas Kanashiro <lucas.kanashiro@collabora.com>
Date:   Tue Sep 4 08:10:44 2018 -0300

    Relax recaptcha version (Closes: #907488)

commit d8db64134bc54cc71366287946e52437fa666cd0
Author: Pirate Praveen <praveen@debian.org>
Date:   Thu Aug 23 19:11:08 2018 +0530

    remove extra line

commit 01c3cde3f6eab568edb0d1aa12829951fd7f183d
Merge: fe15e9e0 30f4a86a
Author: Praveen Arimbrathodiyil <praveen@debian.org>
Date:   Thu Aug 23 13:20:24 2018 +0000

    Merge branch 'master' into 'master'
    
    Update Readme.Debian by adding bundle exec into the commands and also adding a…
    
    See merge request ruby-team/gitlab!1

commit 30f4a86af1b4b00411ec225b22c5c0b1d9caa488
Author: pavi <pavi@disroot.org>
Date:   Thu Aug 23 13:06:12 2018 +0000

    Update Readme.Debian by adding bundle exec into the commands and also adding a way to grant admin access for existing user.

Created: 2018-06-12 Last update: 2018-09-19 21:38

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.4).

Created: 2018-08-20 Last update: 2018-08-26 08:17

testing migrations

This package will soon be part of the auto-grpc transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-protobuf transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2018-06-03] Accepted gitlab 10.7.5+dfsg-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-06-03] Accepted gitlab 10.7.5+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-28] Accepted gitlab 8.13.11+dfsg1-8+deb9u3 (source all) into proposed-updates->stable-new, proposed-updates (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-28] Accepted gitlab 8.13.11+dfsg1-8+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-26] Accepted gitlab 8.13.11+dfsg1-8+deb9u3 (source all) into stable->embargoed, stable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-21] Accepted gitlab 8.13.11+dfsg1-8+deb9u2 (source all) into stable->embargoed, stable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-12] Accepted gitlab 10.7.3+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-02] Accepted gitlab 10.6.5+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-05-01] Accepted gitlab 10.6.5+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-29] Accepted gitlab 10.6.3+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-27] Accepted gitlab 10.6.3+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-05] Accepted gitlab 10.6.3+dfsg-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-04-04] Accepted gitlab 10.6.2+dfsg-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-30] Accepted gitlab 8.13.11+dfsg1-8+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-27] Accepted gitlab 10.6.0+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-26] Accepted gitlab 10.5.6+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-23] Accepted gitlab 10.5.5+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-22] Accepted gitlab 10.5.5+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-21] Accepted gitlab 10.5.5+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-18] Accepted gitlab 8.13.11+dfsg1-8+deb9u1 (source all) into stable->embargoed, stable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-03-01] Accepted gitlab 9.5.4+dfsg-7 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-28] Accepted gitlab 9.5.4+dfsg-6 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-14] Accepted gitlab 9.5.4+dfsg-5 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-14] Accepted gitlab 9.5.4+dfsg-4 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-02-14] Accepted gitlab 9.5.4+dfsg-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-01-26] gitlab REMOVED from testing (Debian testing watch)
[2017-12-26] Accepted gitlab 9.5.4+dfsg-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2017-12-14] Accepted gitlab 9.5.4+dfsg-1 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2017-11-30] Accepted gitlab 8.13.11+dfsg1-12 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2017-09-27] gitlab 8.13.11+dfsg1-11 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 42
RC: 3
I&N: 29
M&W: 7
F&P: 1
patch: 2
help: 1

links

homepage
lintian (2, 38)
buildd: logs, exp, clang
popcon
browse source code
edit tags
security tracker
screenshots