/[packages]/updates/5/ruby/current/SOURCES/ruby-2.0.0-CVE-2017-17790.patch
ViewVC logotype

Annotation of /updates/5/ruby/current/SOURCES/ruby-2.0.0-CVE-2017-17790.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1187965 - (hide annotations) (download)
Sat Dec 30 17:15:36 2017 UTC (6 years, 2 months ago) by luigiwalser
File size: 755 byte(s)
add patches from debian to fix CVE-2017-17405 and CVE-2017-17790
1 luigiwalser 1187965 From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
2     Date: Thu, 21 Dec 2017 17:02:44 +0100
3     Subject: CVE-2017-17790: Fixed command injection in
4     Resolv::Hosts#lazy_initialize
5    
6     This is upstream commit
7    
8     e7464561b5151501beb356fc750d5dd1a88014f7
9     ---
10     lib/resolv.rb | 2 +-
11     1 file changed, 1 insertion(+), 1 deletion(-)
12    
13     diff --git a/lib/resolv.rb b/lib/resolv.rb
14     index 1e18893..308466f 100644
15     --- a/lib/resolv.rb
16     +++ b/lib/resolv.rb
17     @@ -186,7 +186,7 @@ class Resolv
18     unless @initialized
19     @name2addr = {}
20     @addr2name = {}
21     - open(@filename, 'rb') {|f|
22     + File.open(@filename, 'rb') {|f|
23     f.each {|line|
24     line.sub!(/#.*/, '')
25     addr, hostname, *aliases = line.split(/\s+/)

  ViewVC Help
Powered by ViewVC 1.1.30