[Pkg-nagios-changes] [SCM] Debian packaging for Nagios3 branch, master, updated. debian/3.2.3-3-17-g05584c8
Alexander Wirt
formorer at debian.org
Fri Jun 15 08:27:17 UTC 2012
The following commit has been merged in the master branch:
commit 39a1e9cdcbe961e9fef9286ea9d040d82ddd56b0
Author: Alexander Wirt <formorer at debian.org>
Date: Sat May 5 13:45:29 2012 +0200
Remove now unneeded patch 98_fix_XSS_CVE-2011-2179
diff --git a/debian/patches/98_fix_XSS_CVE-2011-2179.dpatch b/debian/patches/98_fix_XSS_CVE-2011-2179.dpatch
deleted file mode 100755
index 0297833..0000000
--- a/debian/patches/98_fix_XSS_CVE-2011-2179.dpatch
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 98_fix_XSS_CVE-2011-2179.dpatch by Alexander Wirt <formorer at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: fix cross site scripting vulnerability in config.cgi on config expander arguments
-## DP: CVE-2011-2179
-
- at DPATCH@
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nagios3~/cgi/config.c pkg-nagios3/cgi/config.c
---- pkg-nagios3~/cgi/config.c 2011-05-22 08:22:20.000000000 +0200
-+++ pkg-nagios3/cgi/config.c 2011-06-04 20:13:24.388437809 +0200
-@@ -426,7 +426,7 @@
- error=TRUE;
- break;
- }
-- strncpy(to_expand,variables[x],MAX_COMMAND_BUFFER);
-+ strncpy(to_expand,escape_string(variables[x]),MAX_COMMAND_BUFFER);
- to_expand[MAX_COMMAND_BUFFER-1]='\0';
- }
-
--
Debian packaging for Nagios3
More information about the Pkg-nagios-changes
mailing list