r66659 - /trunk/libcgi-simple-perl/debian/patches/cve-2010-4410.patch
dmn at users.alioth.debian.org
Thu Dec 30 17:41:45 UTC 2010
Author: dmn
Date: Thu Dec 30 17:41:36 2010
New Revision: 66659
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=66659
Log:
reject \012 and \015 in "pruned" header value too
Modified:
trunk/libcgi-simple-perl/debian/patches/cve-2010-4410.patch
Modified: trunk/libcgi-simple-perl/debian/patches/cve-2010-4410.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcgi-simple-perl/debian/patches/cve-2010-4410.patch?rev=66659&op=diff
==============================================================================
--- trunk/libcgi-simple-perl/debian/patches/cve-2010-4410.patch (original)
+++ trunk/libcgi-simple-perl/debian/patches/cve-2010-4410.patch Thu Dec 30 17:41:36 2010
@@ -17,7 +17,7 @@
+
+ my $CRLF = $self->crlf;
+ $value =~ s/$CRLF(\s)/$1/sg;
-+ $value =~ /$CRLF/ and die "Invalid header value -- CRLF not followed by whitespace";
++ $value =~ /$CRLF|\012|\015/ and die "Invalid header value -- CRLF not followed by whitespace";
+
( $_ = $header )
=~ s/^(\w)(.*)/"\u$1\L$2" . ': '.$self->unescapeHTML($value)/e;
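Review bot: On the changed line, the `\012|\015` test runs against the raw `$value`, but the header line built two lines later emits `$self->unescapeHTML($value)`. If unescapeHTML can turn a character reference into a carriage return or line feed, the value passes this check and still puts a line break into the header. Consider unescaping first and then running the check on the result, so the test sees the same string that is written out. Two smaller points on the same line: the die message still says "CRLF not followed by whitespace", which no longer describes a rejection caused by a bare `\012` or `\015`, and `$CRLF` is interpolated into the pattern unquoted, so `\Q$CRLF\E` would be safer if crlf can ever return something other than plain control characters.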