add patch for CVE-2008-2939

author: Benedikt Boehm <hollow@gentoo.org> 2008-08-29 13:25:27 +0000
committer: Benedikt Boehm <hollow@gentoo.org> 2008-08-29 13:25:27 +0000
commit: 461bd74d510470a2632cb86ab4b7f0cbf8862c74 (patch)
tree: 3b4a0d320b7cea291777da925063a6e6793b5a82 /2.2
parent: make init script sh compliant (diff)
download: apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.tar.gz
apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.tar.bz2
apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/2.2/patches/10_all_CVE-2008-2939.patch b/2.2/patches/10_all_CVE-2008-2939.patch
new file mode 100644
index 0000000..7bf57c8
--- /dev/null
+++ b/2.2/patches/10_all_CVE-2008-2939.patch
@@ -0,0 +1,10 @@
+--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c	2008/08/05 19:00:05	682869
++++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c	2008/08/05 19:01:50	682870
+@@ -383,6 +383,7 @@
+                                                            c->bucket_alloc));
+         }
+         if (wildcard != NULL) {
++            wildcard = ap_escape_html(p, wildcard);
+             APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
+                                                            strlen(wildcard), p,
+                                                            c->bucket_alloc));
author	Benedikt Boehm <hollow@gentoo.org>	2008-08-29 13:25:27 +0000
committer	Benedikt Boehm <hollow@gentoo.org>	2008-08-29 13:25:27 +0000
commit	461bd74d510470a2632cb86ab4b7f0cbf8862c74 (patch)
tree	3b4a0d320b7cea291777da925063a6e6793b5a82 /2.2
parent	make init script sh compliant (diff)
download	apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.tar.gz apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.tar.bz2 apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.zip