/[packages]/updates/5/ruby/current/SOURCES/ruby-2.0.0-CVE-2017-17405.patch
ViewVC logotype

Contents of /updates/5/ruby/current/SOURCES/ruby-2.0.0-CVE-2017-17405.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1187965 - (show annotations) (download)
Sat Dec 30 17:15:36 2017 UTC (2 years, 7 months ago) by luigiwalser
File size: 1639 byte(s)
add patches from debian to fix CVE-2017-17405 and CVE-2017-17790
1 From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
2 Date: Thu, 21 Dec 2017 17:02:44 +0100
3 Subject: CVE-2017-17405: Fix a command injection vulnerability in Net::FTP.
4
5 These are upstream commits
6
7 1cfe43fd85c66a9e2b5068480b3e043c31e6b8ca
8 ---
9 lib/net/ftp.rb | 10 +++++-----
10 1 file changed, 5 insertions(+), 5 deletions(-)
11
12 diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
13 index 149fc6a..94dcccd 100644
14 --- a/lib/net/ftp.rb
15 +++ b/lib/net/ftp.rb
16 @@ -563,10 +563,10 @@ module Net
17 if localfile
18 if @resume
19 rest_offset = File.size?(localfile)
20 - f = open(localfile, "a")
21 + f = File.open(localfile, "a")
22 else
23 rest_offset = nil
24 - f = open(localfile, "w")
25 + f = File.open(localfile, "w")
26 end
27 elsif !block_given?
28 result = ""
29 @@ -594,7 +594,7 @@ module Net
30 def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line
31 result = nil
32 if localfile
33 - f = open(localfile, "w")
34 + f = File.open(localfile, "w")
35 elsif !block_given?
36 result = ""
37 end
38 @@ -640,7 +640,7 @@ module Net
39 else
40 rest_offset = nil
41 end
42 - f = open(localfile)
43 + f = File.open(localfile)
44 begin
45 f.binmode
46 if rest_offset
47 @@ -659,7 +659,7 @@ module Net
48 # passing in the transmitted data one line at a time.
49 #
50 def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line
51 - f = open(localfile)
52 + f = File.open(localfile)
53 begin
54 storlines("STOR " + remotefile, f, &block)
55 ensure

  ViewVC Help
Powered by ViewVC 1.1.28