gitlab - Debian Package Tracker

general

source: gitlab (main)
version: 17.6.5-13
maintainer: Debian Ruby Team (archive) (DMD)
uploaders: Cédric Boutillier [DMD] – Pirate Praveen [DMD] – Balasankar C [DMD] – Sruthi Chandran [DMD] – Utkarsh Gupta [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 17.6.5-13

versioned links

17.6.5-13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gitlab (39 bugs: 2, 33, 4, 0)
gitlab-workhorse

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:00:50
Last run: 2025-04-16T18:27:51.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 0:12:14
Last run: 2019-01-19T01:29:51.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:00:22
Last run: 2019-07-25T19:45:07.000Z
Previous status: unknown

Created: 2018-12-15 Last update: 2025-04-23 20:33

A new upstream version is available: 17.11.0 high

A new upstream version 17.11.0 is available, you should consider packaging it.

Created: 2025-01-30 Last update: 2025-04-23 15:30

14 security issues in sid high

There are 14 open security issues in sid.

14 important issues:

CVE-2024-8186: An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.
CVE-2025-0362: An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf.
CVE-2025-0475: An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
CVE-2025-0516: Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
CVE-2025-0652: An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only.
CVE-2025-0811: An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.
CVE-2025-1677: A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports.
CVE-2025-2242: An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.
CVE-2025-2255: An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.
CVE-2025-2408: An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVE-2024-10307: An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request.
CVE-2024-12380: An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.
CVE-2024-12619: An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects.
CVE-2024-13054: An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.

Created: 2024-02-21 Last update: 2025-04-23 14:00

Build log checks report 1 error high

Build log checks report 1 error

Created: 2024-02-20 Last update: 2024-02-20 00:32

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-04-23 21:00

lintian reports 54 warnings normal

Lintian reports 54 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-17 Last update: 2025-04-20 02:31

debian/patches: 16 patches to forward upstream low

Among the 21 debian patches available in version 17.6.5-13 of the package, we noticed the following issues:

16 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-06-12 Last update: 2025-04-22 12:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).

Created: 2023-06-12 Last update: 2025-04-22 11:31

testing migrations

excuses:
- Migrates after: ruby-puma-worker-killer
- Migration status for gitlab (- to 17.6.5-13): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating gitlab would introduce bugs in testing: #1103306, #983915
- ∙ ∙ autopkgtest for gitlab/17.6.5-13: amd64: Regression or new test ♻, arm64: Regression or new test ♻, armel: Regression or new test ♻, armhf: Regression or new test ♻, i386: Regression or new test ♻, ppc64el: Regression or new test ♻, riscv64: Regression or new test ♻, s390x: Regression or new test ♻
- ∙ ∙ blocked by freeze: is not in testing
- ∙ ∙ Too young, only 2 of 10 days old
- ∙ ∙ Depends: gitlab ruby-puma-worker-killer (not considered)
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/g/gitlab.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[rss feed]

[2025-04-22] Accepted gitlab 17.6.5-13 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-21] Accepted gitlab 17.6.5-12 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-19] Accepted gitlab 17.6.5-11 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-19] Accepted gitlab 17.6.5-10 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-17] Accepted gitlab 17.6.5-9 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-17] Accepted gitlab 17.6.5-8 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-16] Accepted gitlab 17.6.5-7 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-16] Accepted gitlab 17.6.5-6 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-15] Accepted gitlab 17.6.5-5 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-11] Accepted gitlab 17.6.5-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-11] Accepted gitlab 17.6.5-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-09] Accepted gitlab 17.6.5-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-06] Accepted gitlab 17.6.5-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-04] Accepted gitlab 17.5.5-6 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-04] Accepted gitlab 17.5.5-5 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-04] Accepted gitlab 17.5.5-4 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-03] Accepted gitlab 17.5.5-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-02] Accepted gitlab 17.5.5-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-04-02] Accepted gitlab 17.5.5-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-03-13] Accepted gitlab 17.3.5-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2025-01-29] Accepted gitlab 17.3.5-2 (source) into unstable (Ananthu C V)
[2024-12-01] Accepted gitlab 17.3.5-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-10-30] Accepted gitlab 17.0.8-4 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-10-28] Accepted gitlab 17.0.8-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-10-12] Accepted gitlab 17.0.8-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-10-11] Accepted gitlab 17.0.8-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-07-17] Accepted gitlab 16.11.6-3 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-07-16] Accepted gitlab 16.11.6-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-07-13] Accepted gitlab 16.11.6-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2024-07-10] Accepted gitlab 16.11.5-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 39 40
RC: 2
I&N: 33 34
M&W: 4
F&P: 0
patch: 4

links

homepage
lintian (0, 54)
buildd: logs, checks, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci