Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 72928 Details for
Bug 111990
media-sound/gnump3d more issues (CVE-2005-33{49|55})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
gnump3d-traversal.diff
gnump3d-traversal.diff (text/plain), 693 bytes, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-11-14 22:44:30 UTC
(
hide
)
Description:
gnump3d-traversal.diff
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-11-14 22:44:30 UTC
Size:
693 bytes
patch
obsolete
>--- gnump3d-orig 2005-11-14 23:50:36.000000000 +0000 >+++ gnump3d 2005-11-14 23:52:59.000000000 +0000 >@@ -756,6 +756,12 @@ > $val =~ s/^\s+//; > $val =~ s/\s+$//; > >+ if ( $key =~ /^theme$/i ) >+ { >+ # Themes may only be named using numbers + letters >+ $val =~ tr[A-Za-z0-9]||cd; >+ } >+ > # Could cookie traversal cause problems? > $val = &sanitizePath( $val ); > >@@ -829,6 +835,12 @@ > $key = &urlDecode( $key ); > $val = &urlDecode( $val ); > >+ if ( $key =~ /^theme$/i ) >+ { >+ # Themes may only be named using numbers + letters >+ $val =~ tr[A-Za-z0-9]||cd; >+ } >+ > # Avoid "../" attacks in parameter values. > $val = &sanitizePath( $val ); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=72928">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 111990
:
72860
|
72861
|
72928
|
73012
|
73013
|
73014
|
73015
