Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 144014 Details for
Bug 210754
app-text/sword <1.5.8-r2 shell command injection (CVE-2008-0932)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
shell_escape for the range parameter
sword_escape_range.patch (text/plain), 540 bytes, created by
Pierre-Yves Rofes (RETIRED)
on 2008-02-19 21:23:04 UTC
(
hide
)
Description:
shell_escape for the range parameter
Filename:
MIME Type:
Creator:
Pierre-Yves Rofes (RETIRED)
Created:
2008-02-19 21:23:04 UTC
Size:
540 bytes
patch
obsolete
>+--- sword-1.5.9.orig/utilities/diatheke/cgi/diatheke.pl 2008-02-18 22:10:09.000000000 +0000 >++++ sword-1.5.9/utilities/diatheke/cgi/diatheke.pl 2008-02-18 22:30:25.000000000 +0000 >+@@ -110,8 +110,7 @@ >+ $range = $mydata; >+ $range =~ tr/+/ /; >+ $range =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; >+- $range = "-r \"$range\""; >+- $range = shell_escape($range); >++ $range = "-r '" . shell_escape($range) . "'"; >+ } >+ >+ elsif ($varname eq "strongs") {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=144014">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 210754
: 144014
