summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenedikt Boehm <hollow@gentoo.org>2008-08-29 13:25:27 +0000
committerBenedikt Boehm <hollow@gentoo.org>2008-08-29 13:25:27 +0000
commit461bd74d510470a2632cb86ab4b7f0cbf8862c74 (patch)
tree3b4a0d320b7cea291777da925063a6e6793b5a82 /2.2/patches
parentmake init script sh compliant (diff)
downloadapache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.tar.gz
apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.tar.bz2
apache-461bd74d510470a2632cb86ab4b7f0cbf8862c74.zip
add patch for CVE-2008-2939
Diffstat (limited to '2.2/patches')
-rw-r--r--2.2/patches/10_all_CVE-2008-2939.patch10
1 files changed, 10 insertions, 0 deletions
diff --git a/2.2/patches/10_all_CVE-2008-2939.patch b/2.2/patches/10_all_CVE-2008-2939.patch
new file mode 100644
index 0000000..7bf57c8
--- /dev/null
+++ b/2.2/patches/10_all_CVE-2008-2939.patch
@@ -0,0 +1,10 @@
+--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c 2008/08/05 19:00:05 682869
++++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c 2008/08/05 19:01:50 682870
+@@ -383,6 +383,7 @@
+ c->bucket_alloc));
+ }
+ if (wildcard != NULL) {
++ wildcard = ap_escape_html(p, wildcard);
+ APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
+ strlen(wildcard), p,
+ c->bucket_alloc));