diff options
Diffstat (limited to 'sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch')
| -rw-r--r-- | sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch new file mode 100644 index 000000000000..6f49bbedb7c0 --- /dev/null +++ b/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch @@ -0,0 +1,27 @@ +From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001 +From: Justin Bronder <jsbronder@gmail.com> +Date: Mon, 23 Dec 2013 11:39:03 -0500 +Subject: [PATCH] CVE-2013-6395 fix xss + +https://bugs.gentoo.org/show_bug.cgi?id=492580 +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395 +--- + header.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/header.php b/header.php +index d0a30c2..e1cb0e8 100755 +--- a/header.php ++++ b/header.php +@@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time); + ///////////////////////////////////////////////////////////////////////// + if ( $context == "cluster" ) { + if ( isset($user['host_regex']) && $user['host_regex'] != "" ) +- $set_host_regex_value="value='" . $user['host_regex'] . "'"; ++ $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'"; + else + $set_host_regex_value=""; + +-- +1.8.3.2 + |