mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-04 01:48:54 +00:00
Code Issues Releases Activity
49de03986a
freebsd-ports/www/rubygem-cgi_multipart_eof_fix/distinfo
Philip M. Gollucci 161f074cf1 Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. 
When multipart boundary attributes contain non-halting regular
expression strings, the boundary searcher in the CGI module does not properly
escape the parameter and will execute arbitrary regular expressions.
This fix adds escaping for the user data.

    * Affected application servers: standalone CGI, Mongrel, WEBrick
    * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
    * Unknown: mod_ruby

This fix will not modify versions of Ruby greater than 1.8.5, and is
cumulative with previous CGI multipart vulnerability fixes.

WWW:    http://blog.evanweaver.com/#cgi_multipart_eof_fix
2010-12-08 19:18:29 +00:00

3 lines
171 B
Plaintext
Raw Blame History

SHA256 (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = f6638858f2748f2701ae96fc7a939000f0feba1870011483d7d10662140cd672
SIZE (rubygem/cgi_multipart_eof_fix-2.5.0.gem) = 11776
Reference in New Issue View Git Blame Copy Permalink