/[packages]/updates/5/python-werkzeug/current/SOURCES/python-werkzeug-0.11.10-CVE-2016-10516.patch
ViewVC logotype

Annotation of /updates/5/python-werkzeug/current/SOURCES/python-werkzeug-0.11.10-CVE-2016-10516.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1186890 - (hide annotations) (download)
Fri Dec 29 00:21:00 2017 UTC (18 months, 2 weeks ago) by luigiwalser
File size: 951 byte(s)
add upstream patch to fix CVE-2016-10516
1 luigiwalser 1186890 From 1034edc7f901dd645ec6e462754111b39002bd65 Mon Sep 17 00:00:00 2001
2     From: Your Name <neargle@outlook.com>
3     Date: Wed, 31 Aug 2016 16:00:55 +0800
4     Subject: [PATCH] fix XSS in debugger
5    
6     Fix #1001
7     ---
8     werkzeug/debug/tbtools.py | 2 +-
9     1 files changed, 1 insertions(+), 1 deletion(-)
10    
11     diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py
12     index 42f9d928d..2ee4718cb 100644
13     --- a/werkzeug/debug/tbtools.py
14     +++ b/werkzeug/debug/tbtools.py
15     @@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
16     'exception': exc,
17     'exception_type': escape(self.exception_type),
18     'summary': self.render_summary(include_title=False),
19     - 'plaintext': self.plaintext,
20     + 'plaintext': escape(self.plaintext),
21     'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
22     'traceback_id': self.id,
23     'secret': secret

  ViewVC Help
Powered by ViewVC 1.1.26