SOURCES: apache-CVE-2005-3357.patch (NEW), apache-CVE-2005-3352.pa...

glen glen at pld-linux.org
Tue Feb 7 21:02:51 CET 2006


Author: glen                         Date: Tue Feb  7 20:02:50 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- for apache 2.2

---- Files affected:
SOURCES:
   apache-CVE-2005-3357.patch (1.2 -> 1.3)  (NEW), apache-CVE-2005-3352.patch (1.2 -> 1.3)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/apache-CVE-2005-3357.patch
diff -u /dev/null SOURCES/apache-CVE-2005-3357.patch:1.3
--- /dev/null	Tue Feb  7 21:02:50 2006
+++ SOURCES/apache-CVE-2005-3357.patch	Tue Feb  7 21:02:45 2006
@@ -0,0 +1,36 @@
+
+Author: jorton
+Date: Fri Jan 13 06:21:42 2006
+New Revision: 368730
+
+URL: http://svn.apache.org/viewcvs?rev=368730&view=rev
+Log:
+Merge r354394 from trunk:
+
+* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Omit further
+access control checks if SSL is not in use regardless of vhost
+settings.
+
+Submitted by: RĂźdiger PlĂźm, Joe Orton
+Reviewed by: rpluem, jorton, jim
+PR: 37791
+
+--- httpd-2.2.0/modules/ssl/ssl_engine_kernel.c.cve3357
++++ httpd-2.2.0/modules/ssl/ssl_engine_kernel.c
+@@ -202,11 +202,14 @@
+     }
+ 
+     /*
+-     * Check to see if SSL protocol is on
++     * Check to see whether SSL is in use; if it's not, then no
++     * further access control checks are relevant.  (the test for
++     * sc->enabled is probably strictly unnecessary)
+      */
+-    if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
++    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
+         return DECLINED;
+     }
++
+     /*
+      * Support for per-directory reconfigured SSL connection parameters.
+      *
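Review bot: The rewritten comment above the new guard `if (sc->enabled == SSL_ENABLED_FALSE || !ssl)` hedges ("probably strictly unnecessary") instead of stating the invariant the fix establishes, namely that nothing after this point in ssl_hook_Access runs with a NULL `ssl`. I would word it as `/* ssl is NULL for a non-SSL request, even on an SSL-enabled vhost; the checks below need it, so decline here. */`, assuming the code after the hunk does use `ssl`, which the log message implies but the hunk does not show. Because the guard now returns DECLINED for every non-SSL request, confirm that any check meant to refuse plain-HTTP access still runs before it. The block that closes just above the hunk is not visible here, and the function body starts and ends outside the hunk.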

================================================================
Index: SOURCES/apache-CVE-2005-3352.patch
diff -u /dev/null SOURCES/apache-CVE-2005-3352.patch:1.3
--- /dev/null	Tue Feb  7 21:02:50 2006
+++ SOURCES/apache-CVE-2005-3352.patch	Tue Feb  7 21:02:45 2006
@@ -0,0 +1,46 @@
+
+Author: mjc
+Date: Mon Dec 12 09:27:59 2005
+New Revision: 356291
+
+URL: http://svn.apache.org/viewcvs?rev=356291&view=rev
+Log:
+Fix moderate security issue CVE-2005-3352 mod_imap cross-site scripting flaw
+
+Submitted by: Mark Cox <mjc apache.org>
+Reviewed by: jorton, mjc, fielding
+PR: 37874
+
+--- httpd-2.2.0/modules/mappers/mod_imagemap.c.cve3352
++++ httpd-2.2.0/modules/mappers/mod_imagemap.c
+@@ -342,7 +342,7 @@
+     if (!strcasecmp(value, "referer")) {
+         referer = apr_table_get(r->headers_in, "Referer");
+         if (referer && *referer) {
+-            return apr_pstrdup(r->pool, referer);
++            return ap_escape_html(r->pool, referer);
+         }
+         else {
+             /* XXX:  This used to do *value = '\0'; ... which is totally bogus
+--- httpd-2.2.0/server/util.c.cve3352
++++ httpd-2.2.0/server/util.c
+@@ -1748,6 +1748,8 @@
+             j += 3;
+         else if (s[i] == '&')
+             j += 4;
++        else if (s[i] == '"')
++            j += 5;
+ 
+     if (j == 0)
+         return apr_pstrmemdup(p, s, i);
+@@ -1766,6 +1768,10 @@
+             memcpy(&x[j], "&amp;", 5);
+             j += 4;
+         }
++        else if (s[i] == '"') {
++            memcpy(&x[j], "&quot;", 6);
++            j += 5;
++        }
+         else
+             x[j] = s[i];
+ 
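Review bot: The util.c hunks add `"` to the set escaped alongside `&`, but nothing documents that a single quote still passes through unchanged, so output placed in a single-quoted attribute value remains unsafe. A comment on the function would make the contract explicit, for example `/* Escapes the HTML metacharacters handled below, now including "; ' is not escaped, so do not use the result inside single-quoted attributes. */`. The sizing is consistent: the counting pass adds 5 and the copy pass writes 6 bytes then advances by 5, matching the `&amp;` branch. In mod_imagemap.c the Referer value is now HTML-escaped at the point it is returned. If that return value is also used outside HTML output (the caller is outside the hunk), the `&amp;` rewriting would alter it, so that is worth checking. Both functions continue outside the hunks.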
================================================================

