This commit was manufactured by cvs2git to create branch 'RA-branch'.

author cvs2git <feedback@pld-linux.org>

Tue, 7 Feb 2006 19:35:42 +0000 (19:35 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author cvs2git <feedback@pld-linux.org>
Tue, 7 Feb 2006 19:35:42 +0000 (19:35 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/apache-CVE-2005-3352.patch b/apache-CVE-2005-3352.patch

new file mode 100644 (file)

index 0000000..2347338
--- /dev/null
+++ b/apache-CVE-2005-3352.patch
@@ -0,0 +1,35 @@
+http://bugs.gentoo.org/show_bug.cgi?id=118875
+
+--- server/util.c      (revision 330526)
++++ server/util.c      (working copy)
+@@ -1762,6 +1762,8 @@
+             j += 3;
+         else if (s[i] == '&')
+             j += 4;
++        else if (s[i] == '"')
++            j += 5;
+ 
+     if (j == 0)
+         return apr_pstrmemdup(p, s, i);
+@@ -1780,6 +1782,10 @@
+             memcpy(&x[j], "&amp;", 5);
+             j += 4;
+         }
++        else if (s[i] == '"') {
++            memcpy(&x[j], "&quot;", 6);
++            j += 5;
++        }
+         else
+             x[j] = s[i];
+ 
+--- modules/mappers/mod_imap.c (revision 330526)
++++ modules/mappers/mod_imap.c (working copy)
+@@ -342,7 +342,7 @@
+     if (!strcasecmp(value, "referer")) {
+         referer = apr_table_get(r->headers_in, "Referer");
+         if (referer && *referer) {
+-          return apr_pstrdup(r->pool, referer);
++          return ap_escape_html(r->pool, referer);
+         }
+         else {
+           /* XXX:  This used to do *value = '\0'; ... which is totally bogus
author	cvs2git <feedback@pld-linux.org>
	Tue, 7 Feb 2006 19:35:42 +0000 (19:35 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)