/[packages]/updates/5/ruby/current/SOURCES/ruby-2.0.0-CVE-2017-17790.patch
ViewVC logotype

Contents of /updates/5/ruby/current/SOURCES/ruby-2.0.0-CVE-2017-17790.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1187965 - (show annotations) (download)
Sat Dec 30 17:15:36 2017 UTC (2 years, 7 months ago) by luigiwalser
File size: 755 byte(s)
add patches from debian to fix CVE-2017-17405 and CVE-2017-17790
1 From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
2 Date: Thu, 21 Dec 2017 17:02:44 +0100
3 Subject: CVE-2017-17790: Fixed command injection in
4 Resolv::Hosts#lazy_initialize
5
6 This is upstream commit
7
8 e7464561b5151501beb356fc750d5dd1a88014f7
9 ---
10 lib/resolv.rb | 2 +-
11 1 file changed, 1 insertion(+), 1 deletion(-)
12
13 diff --git a/lib/resolv.rb b/lib/resolv.rb
14 index 1e18893..308466f 100644
15 --- a/lib/resolv.rb
16 +++ b/lib/resolv.rb
17 @@ -186,7 +186,7 @@ class Resolv
18 unless @initialized
19 @name2addr = {}
20 @addr2name = {}
21 - open(@filename, 'rb') {|f|
22 + File.open(@filename, 'rb') {|f|
23 f.each {|line|
24 line.sub!(/#.*/, '')
25 addr, hostname, *aliases = line.split(/\s+/)

  ViewVC Help
Powered by ViewVC 1.1.28