Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: b5c5ed29395f
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: c1541a60287f
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Dec 11, 2019

  1. gitlab: 12.5.3 -> 12.5.4 

    https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/

Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.

When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.

The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.

CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory

closes #75506.
    @flokli
    flokli committed Dec 11, 2019
    Copy the full SHA
    5bf07d6 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #75508 from flokli/gitlab-12.5.4 

    gitlab: 12.5.3 -> 12.5.4
    @flokli
    flokli committed Dec 11, 2019
    Copy the full SHA
    c1541a6 View commit details
    Browse the repository at this point in the history