author | Stefan Fritsch <sf@debian.org> | 2008-08-06 21:09:19 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2012-01-02 10:36:57 +0100 |
commit | 48bf177c1307c759ba38c62619bb7dcd4ec4fee4 (patch) | |
tree | 745bad52182a76cfbc079f157815b8994c088941 | |
parent | 07b5157d1a8fb9fdf701edc592d1a5216a963bee (diff) | |
Fix XSS in mod_proxy_ftp (CVE-2008-2939)
git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/apache2@794 01b336ce-410b-0410-9a02-a0e7f243c266
-rw-r--r-- | debian/changelog | 6 | ||||
-rw-r--r-- | debian/patches/00list | 1 | ||||
-rwxr-xr-x | debian/patches/060_mod_proxy_ftp_CVE-2008-2939.dpatch | 16 |
3 files changed, 23 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 163930bc..217e2260 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+apache2 (2.2.9-7) UNRELEASED; urgency=low
+
+ * Fix XSS in mod_proxy_ftp (CVE-2008-2939).
+
+ -- Stefan Fritsch <sf@debian.org> Wed, 06 Aug 2008 23:07:56 +0200
+
 apache2 (2.2.9-6) unstable; urgency=high
 
 * Urgency high for RC bug fix.
diff --git a/debian/patches/00list b/debian/patches/00list
index 7c44e756..77fb84e7 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -18,6 +18,7 @@
 057_disablemods.dpatch
 058_suexec-CVE-2007-1742.dpatch
 059_sparc_sigbus.dpatch
+060_mod_proxy_ftp_CVE-2008-2939.dpatch
 099_config_guess_sub_update
 200_cp_suexec.dpatch
 201_build_suexec-custom.dpatch
diff --git a/debian/patches/060_mod_proxy_ftp_CVE-2008-2939.dpatch b/debian/patches/060_mod_proxy_ftp_CVE-2008-2939.dpatch
new file mode 100755
index 00000000..f07d953a
--- /dev/null
+++ b/debian/patches/060_mod_proxy_ftp_CVE-2008-2939.dpatch
@@ -0,0 +1,16 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: http://svn.apache.org/viewvc?view=rev&revision=682870
+
+@DPATCH@
+--- 2.2.x/modules/proxy/mod_proxy_ftp.c 2008/08/05 19:00:05 682869
++++ 2.2.x/modules/proxy/mod_proxy_ftp.c 2008/08/05 19:01:50 682870
+@@ -383,6 +383,7 @@
+ c->bucket_alloc));
+ }
+ if (wildcard != NULL) {
++ wildcard = ap_escape_html(p, wildcard);
+ APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
+ strlen(wildcard), p,
+ c->bucket_alloc)); |
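Review bot: The embedded mod_proxy_ftp.c hunk in 060_mod_proxy_ftp_CVE-2008-2939.dpatch escapes `wildcard` only at the one place where it is appended to the output brigade. The enclosing function starts and ends outside the six context lines, so the hunk alone cannot confirm that no other request-derived string is written into the generated listing unescaped. It is worth reading the whole function against upstream revision 682870 before upload, and checking that `wildcard` is not reused later in a context that expects the raw, unescaped value, since the assignment overwrites the variable in place. The dpatch header carries only the upstream URL; I would add a description line such as `## DP: Escape the wildcard part of the FTP path before writing it into the HTML directory listing (XSS, CVE-2008-2939)` so the purpose is readable without following the link.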