[DRE-commits] [gitlab] 01/02: add patch for cve-2016-9469

Mon Dec 5 19:44:42 UTC 2016

This is an automated email from the git hooks/post-receive script.

praveen pushed a commit to branch master
in repository gitlab.

commit f0360bd323a1cbed028d38491ba2edabc2cc2d49
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date:   Mon Dec 5 11:53:48 2016 +0530

    add patch for cve-2016-9469
---
 debian/patches/cve-2016-9469.diff | 31 +++++++++++++++++++++++++++++++
 debian/patches/series             |  1 +
 2 files changed, 32 insertions(+)

diff --git a/debian/patches/cve-2016-9469.diff b/debian/patches/cve-2016-9469.diff
new file mode 100644
index 0000000..8802943
--- /dev/null
+++ b/debian/patches/cve-2016-9469.diff
@@ -0,0 +1,31 @@
+diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
+index e42d5af..2c9412b 100644
+--- a/app/finders/issuable_finder.rb
++++ b/app/finders/issuable_finder.rb
+@@ -7,7 +7,7 @@
+ #   current_user - which user use
+ #   params:
+ #     scope: 'created-by-me' or 'assigned-to-me' or 'all'
+-#     state: 'open' or 'closed' or 'all'
++#     state: 'opened' or 'closed' or 'all'
+ #     group_id: integer
+ #     project_id: integer
+ #     milestone_title: string
+@@ -183,10 +183,13 @@ class IssuableFinder
+   end
+ 
+   def by_state(items)
+-    params[:state] ||= 'all'
+-
+-    if items.respond_to?(params[:state])
+-      items.public_send(params[:state])
++    case params[:state].to_s
++    when 'closed'
++      items.closed
++    when 'merged'
++      items.respond_to?(:merged) ? items.merged : items.closed
++    when 'opened'
++      items.opened
+     else
+       items
+     end
diff --git a/debian/patches/series b/debian/patches/series
index 4e25370..73108a3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ source-init-functions.patch
 pid-log-paths.patch
 052-relax-grape.patch
 0200-remove-order-dependency-in-label-finder-spec.patch
+cve-2016-9469.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/gitlab.git

