r51852 - in /trunk/libapache2-mod-perl2/debian: changelog patches/100-svn-XSS-Status.patch patches/series
dmn at users.alioth.debian.org
dmn at users.alioth.debian.org
Sat Jan 30 14:51:20 UTC 2010
Author: dmn
Date: Sat Jan 30 14:51:12 2010
New Revision: 51852
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=51852
Log:
add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
Patch taken from r760926 of upstream SVN.
Closes: #567635
Added:
trunk/libapache2-mod-perl2/debian/patches/100-svn-XSS-Status.patch
Modified:
trunk/libapache2-mod-perl2/debian/changelog
trunk/libapache2-mod-perl2/debian/patches/series
Modified: trunk/libapache2-mod-perl2/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libapache2-mod-perl2/debian/changelog?rev=51852&op=diff
==============================================================================
--- trunk/libapache2-mod-perl2/debian/changelog (original)
+++ trunk/libapache2-mod-perl2/debian/changelog Sat Jan 30 14:51:12 2010
@@ -7,6 +7,11 @@
[ Dario Minnucci ]
* docs/index_top.html: Issued patch 099-fix-url-on-index_top.patch
to fix link URL. (Closes: #507606)
+
+ [ Damyan Ivanov ]
+ * add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
+ Patch taken from r760926 of upstream SVN.
+ Closes: #567635
-- Dario Minnucci <midget at debian.org> Wed, 13 Jan 2010 08:42:40 +0100
Added: trunk/libapache2-mod-perl2/debian/patches/100-svn-XSS-Status.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libapache2-mod-perl2/debian/patches/100-svn-XSS-Status.patch?rev=51852&op=file
==============================================================================
--- trunk/libapache2-mod-perl2/debian/patches/100-svn-XSS-Status.patch (added)
+++ trunk/libapache2-mod-perl2/debian/patches/100-svn-XSS-Status.patch Sat Jan 30 14:51:12 2010
@@ -1,0 +1,50 @@
+# Description: Fix XSS in Apache2::Status (CVE-2009-0796)
+# Origin: http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?r1=607697&r2=760926&pathrev=761081&view=patch
+# Bug-Debian: 567635
+--- a/lib/Apache2/Status.pm
++++ b/lib/Apache2/Status.pm
+@@ -29,7 +29,7 @@ use File::Spec ();
+
+ use Apache2::Const -compile => qw(OK);
+
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+
+@@ -126,7 +126,7 @@ sub handler {
+ $r->print(symdump($r, $qs));
+ }
+ else {
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ $r->print('<p>');
+ $r->print(
+ map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@ sub status_section_config {
+ sub status_inc {
+ my ($r) = @_;
+
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my @retval = (
+ '<table border="1">',
+ "<tr>",
+@@ -289,7 +289,7 @@ sub status_rgysubs {
+ my ($r) = @_;
+
+ local $_;
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my $cache = __PACKAGE__->registry_cache;
+
+ my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@ sub as_HTML {
+ my ($self, $package, $r) = @_;
+
+ my @m = qw(<table>);
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my $is_main = $package eq "main";
+
+ my $do_dump = has($r, "dumper");
Modified: trunk/libapache2-mod-perl2/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libapache2-mod-perl2/debian/patches/series?rev=51852&op=diff
==============================================================================
--- trunk/libapache2-mod-perl2/debian/patches/series (original)
+++ trunk/libapache2-mod-perl2/debian/patches/series Sat Jan 30 14:51:12 2010
@@ -7,3 +7,4 @@
030-apxs-no-prefix.patch
031-test-extra-args.patch
035-testrequest_add_credentials.patch
+100-svn-XSS-Status.patch
More information about the Pkg-perl-cvs-commits
mailing list