Debian Package Tracker

general

source: gitlab (main)
version: 11.5.6+dfsg-1
maintainer: Debian Ruby Extras Maintainers (archive) [DMD]
uploaders: Balasankar C [DMD] – Sruthi Chandran [DMD] – Cédric Boutillier [DMD] – Pirate Praveen [DMD]
arch: all
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable-sec: 8.13.11+dfsg1-8+deb9u3
stable-bpo: 10.8.7+dfsg-1~bpo9+1
testing: 11.5.6+dfsg-1
unstable: 11.5.6+dfsg-1
exp: 11.6.0+dfsg-1

versioned links

8.13.11+dfsg1-8+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.8.7+dfsg-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.5.6+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.6.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gitlab
gitlab-common

action needed

Marked for autoremoval on 17 January due to ruby-attr-encrypted, ruby-jquery-atwho-rails, ruby-omniauth-cas3, ruby-protected-attributes, ruby-rails-i18n, ruby-seed-fu: #915050, #918260, #918302, #918389, #918406, #918595, #918611 high

Version 11.5.6+dfsg-1 of gitlab is marked for autoremoval from testing on Thu 17 Jan 2019. It is affected by #915050. The removal of gitlab will also cause the removal of (transitive) reverse dependency: gitaly. It depends (transitively) on ruby-attr-encrypted, ruby-jquery-atwho-rails, ruby-omniauth-cas3, ruby-protected-attributes, ruby-rails-i18n, ruby-seed-fu, affected by #918260, #918302, #918389, #918406, #918595, #918611. You should try to prevent the removal by fixing these RC bugs.

Created: 2018-12-06 Last update: 2019-01-17 21:17

Debci reports failed tests (log) high

Debci reports test failures (log).

The tests ran in 0h 0m 49s

Last run: 2019-01-17 02:31:38

Previous status: fail

Created: 2018-12-15 Last update: 2019-01-17 20:37

A new upstream version is available: 11.6.3 high

A new upstream version 11.6.3 is available, you should consider packaging it.

Created: 2018-12-21 Last update: 2019-01-17 19:36

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2018-12-23 Last update: 2019-01-17 10:40

lintian reports 68 warnings high

Lintian reports 68 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-08 Last update: 2019-01-11 06:53

56 security issues in stretch high

There are 56 open security issues in stretch.

56 important issues:

CVE-2018-20499:
CVE-2018-19569:
CVE-2018-20489:
CVE-2018-20493:
CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
CVE-2018-19570:
CVE-2018-19576:
CVE-2018-20497:
CVE-2018-19496:
TEMP-0000000-DE2DCD:
CVE-2018-15472:
CVE-2017-0919: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
CVE-2018-20494:
CVE-2018-20500:
CVE-2018-14364: GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
CVE-2017-0921: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
CVE-2018-19574:
CVE-2018-20488:
CVE-2018-19575:
CVE-2018-19583:
CVE-2018-19585:
CVE-2018-20495:
CVE-2018-17452:
CVE-2018-14603: An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
CVE-2018-20144:
CVE-2018-18640: An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.
CVE-2018-20498:
CVE-2018-19494:
CVE-2018-20507:
TEMP-0894867-E5064B:
CVE-2018-20490:
CVE-2018-17455:
CVE-2018-18646: An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.
CVE-2018-19493:
CVE-2018-20496:
CVE-2018-19573:
CVE-2018-9243: GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
CVE-2018-19580:
CVE-2018-20501:
CVE-2018-20491:
CVE-2018-18645: An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.
CVE-2018-19571:
CVE-2018-19572:
CVE-2018-12606: An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2018-19359:
CVE-2018-17975: An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
CVE-2018-17939: An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
CVE-2018-17976: An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
TEMP-0902726-51ACFE:
CVE-2018-19495:
CVE-2018-16049: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVE-2018-20492:
CVE-2018-16051: An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVE-2018-20229:
CVE-2018-19577:
CVE-2018-18641: An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.

Please fix them.

Created: 2018-03-23 Last update: 2019-01-05 07:57

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2018-10-01 Last update: 2019-01-17 21:20

RM: This package has been requested to be removed. normal

This package has been requested to be removed. This means that, when this request gets processed by an ftp-master, this package will no longer be in unstable, and will automatically be removed from testing too afterwards. If for some reason you want keep this package in unstable, please discuss so in the bug. Please see bug number #912972 for more information.

Created: 2018-11-05 Last update: 2018-11-05 13:31

news

[rss feed]

[2019-01-05] gitlab 11.5.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-03] Accepted gitlab 11.5.6+dfsg-1 (source all) into unstable (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2018-12-27] Accepted gitlab 11.6.0+dfsg-1 (source) into experimental (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2018-12-24] gitlab 11.5.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-12-23] Accepted gitlab 10.8.7+dfsg-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-12-21] Accepted gitlab 11.5.5+dfsg-1 (source) into unstable (Sruthi Chandran) (signed by: Praveen Arimbrathodiyil)
[2018-12-20] gitlab 11.5.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-12-15] Accepted gitlab 11.5.4+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-12-15] Accepted gitlab 11.5.3+dfsg-1 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-12-14] gitlab 11.4.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-12-08] Accepted gitlab 11.4.9+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-12-06] Accepted gitlab 11.4.9+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-12-02] gitlab 11.3.11+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-11-29] Accepted gitlab 11.3.11+dfsg-1 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-11-22] Accepted gitlab 11.3.10+dfsg-2 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-11-21] Accepted gitlab 11.3.10+dfsg-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-11-20] Accepted gitlab 11.2.8+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-11-19] Accepted gitlab 11.2.8+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-11-17] Accepted gitlab 11.1.8+dfsg-2 (source all) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-11-16] Accepted gitlab 11.1.8+dfsg-1 (source all) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-25] gitlab 10.8.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-10-19] Accepted gitlab 10.8.7+dfsg-1 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-13] Accepted gitlab 10.7.7+dfsg-3 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.7+dfsg-2 (source) into unstable (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.7+dfsg-1 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.6+dfsg-2 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.6+dfsg-1 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-10-12] Accepted gitlab 10.7.5+dfsg-3 (source all) into experimental, experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-06-03] Accepted gitlab 10.7.5+dfsg-2 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)
[2018-06-03] Accepted gitlab 10.7.5+dfsg-1 (source) into experimental (Pirate Praveen) (signed by: Praveen Arimbrathodiyil)

bugs [bug history graph]

all: 35
RC: 2
I&N: 27
M&W: 5
F&P: 1
patch: 2

links

homepage
lintian (0, 68)
buildd: logs, exp, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots