From: | "Justin Bronder (jsbronder)" <jsbronder@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in sys-cluster/ganglia-web/files: CVE-2013-6395-fix-xss.patch |
Date: | Mon, 23 Dec 2013 16:54:41 |
Message-Id: | 20131223165437.7683E2004E@flycatcher.gentoo.org |
1 | jsbronder 13/12/23 16:54:37 |
2 | |
3 | Added: CVE-2013-6395-fix-xss.patch |
4 | Log: |
5 | Add patch to fix CVE-2013-6395 (#492580). |
6 | |
7 | (Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9) |
8 | |
9 | Revision Changes Path |
10 | 1.1 sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch |
11 | |
12 | file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch?rev=1.1&view=markup |
13 | plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/ganglia-web/files/CVE-2013-6395-fix-xss.patch?rev=1.1&content-type=text/plain |
14 | |
15 | Index: CVE-2013-6395-fix-xss.patch |
16 | =================================================================== |
17 | From a014c9542710ad50fd1a7fd1eb39b44261edf3a2 Mon Sep 17 00:00:00 2001 |
18 | From: Justin Bronder <jsbronder@×××××.com> |
19 | Date: Mon, 23 Dec 2013 11:39:03 -0500 |
20 | Subject: [PATCH] CVE-2013-6395 fix xss |
21 | |
22 | https://bugs.gentoo.org/show_bug.cgi?id=492580 |
23 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6395 |
24 | --- |
25 | header.php | 2 +- |
26 | 1 file changed, 1 insertion(+), 1 deletion(-) |
27 | |
28 | diff --git a/header.php b/header.php |
29 | index d0a30c2..e1cb0e8 100755 |
30 | --- a/header.php |
31 | +++ b/header.php |
32 | @@ -485,7 +485,7 @@ $data->assign("custom_time", $custom_time); |
33 | ///////////////////////////////////////////////////////////////////////// |
34 | if ( $context == "cluster" ) { |
35 | if ( isset($user['host_regex']) && $user['host_regex'] != "" ) |
36 | - $set_host_regex_value="value='" . $user['host_regex'] . "'"; |
37 | + $set_host_regex_value="value='" . htmlentities($user['host_regex'], ENT_QUOTES) . "'"; |
38 | else |
39 | $set_host_regex_value=""; |
40 | |
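Review bot: the added htmlentities() call in header.php passes ENT_QUOTES but no encoding argument, so how multi-byte input in $user['host_regex'] is handled depends on the default charset of whichever PHP version runs the page. Pass the encoding explicitly, for example htmlentities($user['host_regex'], ENT_QUOTES, 'UTF-8'), or use htmlspecialchars() with the same arguments, which is sufficient for an attribute value. Keep ENT_QUOTES in either form, because the value is placed inside a single-quoted attribute (value='...'). The escaping is applied only where $set_host_regex_value is built, so $user['host_regex'] itself stays raw. A one-line comment saying that would help, since any other place that echoes it into HTML needs the same treatment.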
41 | -- |
42 | 1.8.3.2 |