Add CVE patch
This commit is contained in:
parent
885dd87a97
commit
4633e24a80
2 changed files with 29 additions and 0 deletions
28
debian/patches/cve-2017-0882.patch
vendored
Normal file
28
debian/patches/cve-2017-0882.patch
vendored
Normal file
|
@ -0,0 +1,28 @@
|
|||
Description: Security patch for CVE-2017-0882
|
||||
Author: Brian Neel
|
||||
Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
|
||||
Last-Update: 2017-03-21
|
||||
---
|
||||
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
||||
--- a/app/controllers/projects/issues_controller.rb
|
||||
+++ b/app/controllers/projects/issues_controller.rb
|
||||
@@ -112,7 +112,7 @@
|
||||
end
|
||||
|
||||
format.json do
|
||||
- render json: @issue.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
|
||||
+ render json: @issue.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
|
||||
end
|
||||
end
|
||||
|
||||
--- a/app/controllers/projects/merge_requests_controller.rb
|
||||
+++ b/app/controllers/projects/merge_requests_controller.rb
|
||||
@@ -278,7 +278,7 @@
|
||||
@merge_request.target_project, @merge_request])
|
||||
end
|
||||
format.json do
|
||||
- render json: @merge_request.to_json(include: { milestone: {}, assignee: { methods: :avatar_url }, labels: { methods: :text_color } })
|
||||
+ render json: @merge_request.to_json(include: { milestone: {}, assignee: { only: [:name, :username], methods: [:avatar_url] }, labels: { methods: :text_color } }, methods: [:task_status, :task_status_short])
|
||||
end
|
||||
end
|
||||
else
|
1
debian/patches/series
vendored
1
debian/patches/series
vendored
|
@ -9,3 +9,4 @@ pid-log-paths.patch
|
|||
0200-remove-order-dependency-in-label-finder-spec.patch
|
||||
0210-use-jquery-ui-rails6.patch
|
||||
0300-git-2-11-support.patch
|
||||
cve-2017-0882.patch
|
||||
|
|
Loading…
Reference in a new issue