1 |
luigiwalser |
1187965 |
From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org> |
2 |
|
|
Date: Thu, 21 Dec 2017 17:02:44 +0100 |
3 |
|
|
Subject: CVE-2017-17790: Fixed command injection in |
4 |
|
|
Resolv::Hosts#lazy_initialize |
5 |
|
|
|
6 |
|
|
This is upstream commit |
7 |
|
|
|
8 |
|
|
e7464561b5151501beb356fc750d5dd1a88014f7 |
9 |
|
|
--- |
10 |
|
|
lib/resolv.rb | 2 +- |
11 |
|
|
1 file changed, 1 insertion(+), 1 deletion(-) |
12 |
|
|
|
13 |
|
|
diff --git a/lib/resolv.rb b/lib/resolv.rb |
14 |
|
|
index 1e18893..308466f 100644 |
15 |
|
|
--- a/lib/resolv.rb |
16 |
|
|
+++ b/lib/resolv.rb |
17 |
|
|
@@ -186,7 +186,7 @@ class Resolv |
18 |
|
|
unless @initialized |
19 |
|
|
@name2addr = {} |
20 |
|
|
@addr2name = {} |
21 |
|
|
- open(@filename, 'rb') {|f| |
22 |
|
|
+ File.open(@filename, 'rb') {|f| |
23 |
|
|
f.each {|line| |
24 |
|
|
line.sub!(/#.*/, '') |
25 |
|
|
addr, hostname, *aliases = line.split(/\s+/) |