author | Justin Bronder <jsbronder@gentoo.org> | 2013-12-23 16:54:37 +0000 |
---|---|---|
committer | Justin Bronder <jsbronder@gentoo.org> | 2013-12-23 16:54:37 +0000 |
commit | 22928d11c1d0649cae1d77dd504992af742d9a22 (patch) | |
tree | 4de1243f4c3f03ec15f3965529f3bd2832d38453 /sys-cluster/ganglia-web/files | |
parent | amd64 stable, bug #488914 (diff) | |
download | gentoo-2-22928d11c1d0649cae1d77dd504992af742d9a22.tar.gz gentoo-2-22928d11c1d0649cae1d77dd504992af742d9a22.tar.bz2 gentoo-2-22928d11c1d0649cae1d77dd504992af742d9a22.zip |
Add patch to fix CVE-2013-6395 (#492580).
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9)
Diffstat (limited to 'sys-cluster/ganglia-web/files')
-rw-r--r-- | sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch
new file mode 100644
index 000000000000..6f49bbedb7c0
--- /dev/null
+++ b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch
@@ -0,0 +1,27 @@
+From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001
+From: Justin Bronder <jsbronder@gmail.com>
+Date: Mon, 23 Dec 2013 11:39:03 -0500
+Subject: [PATCH] CVE-2013-6395 fix xss
+
+https://bugs.gentoo.org/show_bug.cgi?id=492580
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395
+---
+ header.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/header.php b/header.php
+index d0a30c2..e1cb0e8 100755
+--- a/header.php
++++ b/header.php
+@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time);
+ /////////////////////////////////////////////////////////////////////////
+ if ( $context == "cluster" ) {
+ if ( isset($user['host_regex']) && $user['host_regex'] != "" )
+- $set_host_regex_value="value='" . $user['host_regex'] . "'";
++ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
+ else
+ $set_host_regex_value="";
+
+--
+1.8.3.2
+ |
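Review bot: The added `htmlentities()` call in header.php passes no charset, so the encoding it assumes depends on the PHP version's default (ISO-8859-1 before 5.4, UTF-8 from 5.4), and in UTF-8 mode a value containing invalid byte sequences comes back as an empty string. If the page is served as UTF-8 (not visible from this hunk), I would pin it with `htmlentities($user['host_regex'], ENT_QUOTES, 'UTF-8')`. `ENT_QUOTES` is what makes the fix hold, because the attribute is delimited with single quotes and `ENT_COMPAT` (the default before PHP 8.1) leaves `'` unescaped; a comment such as `// ENT_QUOTES required: value is emitted inside a single-quoted attribute` would keep a later cleanup from dropping it. The hunk shows only this one sink and the `if ( $context == "cluster" )` block continues past it, so other places that echo `$user[...]` values cannot be checked from here. The diffstat is limited to files/, so the ebuild change that applies this patch is also out of view.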