author | 2007-11-04 20:58:58 +0000 | |
---|---|---|
committer | 2007-11-04 20:58:58 +0000 | |
commit | 590e3224104810dc2c0519bd57ce747ea5e58933 (patch) | |
tree | efb4926207ff17c023df77bae3929ca7070e6c76 /net-news/yarssr/files | |
parent | old (diff) | |
Added a patch to fix plain 0.2.2's code injection vulnerability. cf. bug 197660. Removed the vulnerable version.
(Portage version: 2.1.3.16)
Diffstat (limited to 'net-news/yarssr/files')
-rw-r--r-- | net-news/yarssr/files/digest-yarssr-0.2.2-r1 (renamed from net-news/yarssr/files/digest-yarssr-0.2.2) | 0 | ||||
-rw-r--r-- | net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch | 12 |
2 files changed, 12 insertions, 0 deletions
diff --git a/net-news/yarssr/files/digest-yarssr-0.2.2 b/net-news/yarssr/files/digest-yarssr-0.2.2-r1 index 79d0ed3babeb..79d0ed3babeb 100644 --- a/net-news/yarssr/files/digest-yarssr-0.2.2 +++ b/net-news/yarssr/files/digest-yarssr-0.2.2-r1 diff --git a/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch new file mode 100644 index 000000000000..4f5b11130f6f --- /dev/null +++ b/net-news/yarssr/files/yarssr-0.2.2-code_injection_197660.patch @@ -0,0 +1,12 @@ +diff -urNad yarssr-0.2.2~/lib/Yarssr/GUI.pm yarssr-0.2.2/lib/Yarssr/GUI.pm +--- yarssr-0.2.2~/lib/Yarssr/GUI.pm 2007-10-31 12:40:08.000000000 +0100 ++++ yarssr-0.2.2/lib/Yarssr/GUI.pm 2007-10-31 12:42:17.958217449 +0100 +@@ -164,7 +164,7 @@ + else { + my $b = Yarssr::Config->get_browser; + $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/; +- exec($b) or warn "unable to launch browser\n"; ++ exec(split(' ',$b)) or warn "unable to launch browser\n"; + exit; + } + } |
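Review bot: In the lib/Yarssr/GUI.pm hunk, `exec(split(' ',$b))` splits the command only after `$url` has been interpolated into `$b` wrapped in double quotes, so the URL is still not passed as one clean argument. With the list form of exec no shell strips the quotes added by `$b .= " \"$url\""` and `s/\%s/"$url"/`, so the browser receives them as literal characters. Any whitespace inside the URL is also broken into extra argv elements, which a browser may read as further arguments or options. I would split the configured browser command into a list first, then substitute `%s` or append `$url` as a single unquoted element, and exec that list. A configured browser path that contains a space will also be split by this change. If that is acceptable, please document it next to `get_browser`.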