Gentoo Archives: gentoo-commits

From: "Justin Bronder (jsbronder)" <jsbronder@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sys-cluster/ganglia-web/files: CVE-2013-6395-fix-xss.patch
Date: Mon, 23 Dec 2013 16:54:41
Message-Id: 20131223165437.7683E2004E@flycatcher.gentoo.org
1 jsbronder 13/12/23 16:54:37
2
3 Added: CVE-2013-6395-fix-xss.patch
4 Log:
5 Add patch to fix CVE-2013-6395 (#492580).
6
7 (Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9)
8
9 Revision Changes Path
10 1.1 sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch?rev=1.1&content-type=text/plain
14
15 Index: CVE-2013-6395-fix-xss.patch
16 ===================================================================
17 From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001
18 From: Justin Bronder <jsbronder@×××××.com>
19 Date: Mon, 23 Dec 2013 11:39:03 -0500
20 Subject: [PATCH] CVE-2013-6395 fix xss
21
22 https://bugs.gentoo.org/show_bug.cgi?id=492580
23 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395
24 ---
25 header.php | 2 +-
26 1 file changed, 1 insertion(+), 1 deletion(-)
27
28 diff --git a/header.php b/header.php
29 index d0a30c2..e1cb0e8 100755
30 --- a/header.php
31 +++ b/header.php
32 @@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time);
33 /////////////////////////////////////////////////////////////////////////
34 if ( $context == "cluster" ) {
35 if ( isset($user['host_regex']) && $user['host_regex'] != "" )
36 - $set_host_regex_value="value='" . $user['host_regex'] . "'";
37 + $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'";
38 else
39 $set_host_regex_value="";
40
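Review bot: The added call `htmlentities($user['host_regex'], ENT_QUOTES)` on the `+` line passes no encoding argument, so the result depends on the PHP version's default (ISO-8859-1 before PHP 5.4, UTF-8 from 5.4, the `default_charset` ini setting from 5.6) rather than on the charset the page is actually served in. Pass the charset explicitly as the third argument, for example `htmlentities($user['host_regex'], ENT_QUOTES, 'UTF-8')` if the page is UTF-8. `ENT_QUOTES` is the right flag to keep, since the value lands inside a single-quoted `value='...'` attribute and the default flags would leave `'` unencoded. The hunk touches only this one assignment, so it is worth confirming that `$user['host_regex']` is not written into the page anywhere else in `header.php` without the same encoding.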
41 --
42 1.8.3.2