Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 175629 Details for
Bug 251343
dev-util/git <1.6.0.6 gitweb privilege escalation (CVE-2008-{5516,5517,5916})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
gitweb hotfix for 1.6.0.X
0002.txt (text/plain), 1.59 KB, created by
Robert Buchholz (RETIRED)
on 2008-12-17 18:48:55 UTC
(
hide
)
Description:
gitweb hotfix for 1.6.0.X
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-12-17 18:48:55 UTC
Size:
1.59 KB
patch
obsolete
>diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl >index ced7bb7..804670c 100755 >--- a/gitweb/gitweb.perl >+++ b/gitweb/gitweb.perl >@@ -4863,43 +4863,9 @@ sub git_blobdiff { > or die_error(500, "Open git-diff-tree failed"); > } > >- # old/legacy style URI >- if (!%diffinfo && # if new style URI failed >- defined $hash && defined $hash_parent) { >- # fake git-diff-tree raw output >- $diffinfo{'from_mode'} = $diffinfo{'to_mode'} = "blob"; >- $diffinfo{'from_id'} = $hash_parent; >- $diffinfo{'to_id'} = $hash; >- if (defined $file_name) { >- if (defined $file_parent) { >- $diffinfo{'status'} = '2'; >- $diffinfo{'from_file'} = $file_parent; >- $diffinfo{'to_file'} = $file_name; >- } else { # assume not renamed >- $diffinfo{'status'} = '1'; >- $diffinfo{'from_file'} = $file_name; >- $diffinfo{'to_file'} = $file_name; >- } >- } else { # no filename given >- $diffinfo{'status'} = '2'; >- $diffinfo{'from_file'} = $hash_parent; >- $diffinfo{'to_file'} = $hash; >- } >- >- # non-textual hash id's can be cached >- if ($hash =~ m/^[0-9a-fA-F]{40}$/ && >- $hash_parent =~ m/^[0-9a-fA-F]{40}$/) { >- $expires = '+1d'; >- } >- >- # open patch output >- open $fd, "-|", git_cmd(), "diff", @diff_opts, >- '-p', ($format eq 'html' ? "--full-index" : ()), >- $hash_parent, $hash, "--" >- or die_error(500, "Open git-diff failed"); >- } else { >- die_error(400, "Missing one of the blob diff parameters") >- unless %diffinfo; >+ # old/legacy style URI -- not generated anymore since 1.4.3. >+ if (!%diffinfo) { >+ die_error('404 Not Found', "Missing one of the blob diff parameters") > } > > # header
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 251343
:
175628
| 175629 |
176214