/[packages]/updates/5/roundcubemail/current/SOURCES/roundcubemail-1.0.9-CVE-2017-6820.patch
ViewVC logotype

Contents of /updates/5/roundcubemail/current/SOURCES/roundcubemail-1.0.9-CVE-2017-6820.patch

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1093540 - (show annotations) (download)
Sat Mar 18 19:25:59 2017 UTC (7 years, 1 month ago) by luigiwalser
File size: 485 byte(s) 
add upstream patch to fix CVE-2017-6820
1 --- roundcubemail-1.0.9/program/lib/Roundcube/rcube_utils.php.orig 2017-03-18 15:23:35.124352403 -0400
2 +++ roundcubemail-1.0.9/program/lib/Roundcube/rcube_utils.php 2017-03-18 15:24:17.222227045 -0400
3 @@ -550,6 +550,7 @@ class rcube_utils
4 $out = preg_replace_callback('/\\\([0-9a-f]{4})/i',
5 array(self, 'xss_entity_decode_callback'), $out);
6 $out = preg_replace('#/\*.*\*/#Ums', '', $out);
7 + $out = strip_tags($out);
8
9 return $out;
10 }
  ViewVC Help
Powered by ViewVC 1.1.30