[perl-Mojolicious/f14/master] Attempt at CVE-2011-1841(#701719)
Yanko Kaneti
yaneti at fedoraproject.org
Tue May 3 17:46:07 UTC 2011
commit 864a97192521adddc4a9586d382da4c602e2fc07
Author: Yanko Kaneti <yaneti at declera.com>
Date: Tue May 3 20:46:04 2011 +0300
Attempt at CVE-2011-1841(#701719)
perl-Mojolicious-security-CVE-2011-1841.patch | 14 ++++++++++++++
perl-Mojolicious.spec | 7 ++++++-
2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/perl-Mojolicious-security-CVE-2011-1841.patch b/perl-Mojolicious-security-CVE-2011-1841.patch
new file mode 100644
index 0000000..38b8dcd
--- /dev/null
+++ b/perl-Mojolicious-security-CVE-2011-1841.patch
@@ -0,0 +1,14 @@
+Only in Mojolicious-0.999925.xss: Changes.orig
+Only in Mojolicious-0.999925.xss: Changes.rej
+diff -ur Mojolicious-0.999925/lib/Mojolicious/Plugin/TagHelpers.pm Mojolicious-0.999925.xss/lib/Mojolicious/Plugin/TagHelpers.pm
+--- Mojolicious-0.999925/lib/Mojolicious/Plugin/TagHelpers.pm 2010-05-25 19:21:45.000000000 +0300
++++ Mojolicious-0.999925.xss/lib/Mojolicious/Plugin/TagHelpers.pm 2011-05-03 20:18:35.768803106 +0300
+@@ -73,7 +73,7 @@
+ my $captures = ref $_[0] eq 'HASH' ? shift : {};
+
+ # Default content
+- push @_, sub { ucfirst $name }
++ push @_, sub { $name = Mojo::ByteStream->new($name)->xml_escape->to_string; ucfirst $name }
+ unless defined $_[-1] && ref $_[-1] eq 'CODE';
+
+ $self->_tag('a', href => $c->url_for($name, $captures), @_);
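Review bot: The closure on the added `push @_, sub { ... }` line assigns the escaped string back to `$name`, which is captured from the enclosing scope rather than being a local copy, so a second invocation of the default-content callback would escape it twice. Escape into the return value instead, for example `sub { Mojo::ByteStream->new(ucfirst $name)->xml_escape->to_string }`. The hunk adds no `use Mojo::ByteStream`, so confirm TagHelpers.pm already loads it. The two leading `Only in Mojolicious-0.999925.xss: Changes.orig` / `Changes.rej` lines are `diff -ur` residue and should be dropped from the patch file.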
diff --git a/perl-Mojolicious.spec b/perl-Mojolicious.spec
index 6ef4906..90dc89f 100644
--- a/perl-Mojolicious.spec
+++ b/perl-Mojolicious.spec
@@ -1,12 +1,13 @@
Name: perl-Mojolicious
Version: 0.999929
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A next generation web framework for Perl
License: Artistic 2.0
Group: Development/Libraries
URL: http://mojolicious.org/
Source0: http://www.cpan.org/authors/id/K/KR/KRAIH/Mojolicious-%{version}.tar.gz
Patch0: perl-Mojolicious-security-bug697230.patch
+Patch1: perl-Mojolicious-security-CVE-2011-1841.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl >= 0:5.008007
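Review bot: `Patch1:` is added without a comment stating where the patch comes from or its upstream status. Add a line above it that references bug #701719 and says whether upstream carries an equivalent fix, so the next rebase can tell whether the patch is still needed.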
@@ -27,6 +28,7 @@ a new attempt at implementing this idea using state of the art technology.
%prep
%setup -q -n Mojolicious-%{version}
%patch0 -p1 -b .bug697230
+%patch1 -p1 -b .CVE-2011-1841
%build
%{__perl} Makefile.PL INSTALLDIRS=vendor
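Review bot: `%patch1 -p1` applies a patch whose file headers name the Mojolicious-0.999925 tree, while this spec builds Version 0.999929. Regenerate the patch against the 0.999929 source, or confirm in the build log that the hunk applies to lib/Mojolicious/Plugin/TagHelpers.pm without offset or fuzz.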
@@ -58,6 +60,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Tue May 3 2011 Yanko Kaneti <yaneti at declera.com> 0.999929-3
+- Attempt at CVE-2011-1841(#701719)
+
* Sun Apr 17 2011 Yanko Kaneti <yaneti at declera.com> 0.999929-2
- Security bugfix attempt.
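Review bot: The new changelog entry says only "Attempt at CVE-2011-1841(#701719)" and does not state what was changed. Name the change, for instance that the default link content in TagHelpers.pm is now XML-escaped, and note whether the fix is considered complete.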