[mono/el6] Patch for CVE-2012-3382 (bz 839979)
leigh123linux
leigh123linux at fedoraproject.org
Fri Jul 13 12:01:07 UTC 2012
commit b81991956468c04114d7d1f6ac0c2a0906eb1f10
Author: leigh123linux <leigh123linux at googlemail.com>
Date: Fri Jul 13 13:00:56 2012 +0100
Patch for CVE-2012-3382 (bz 839979)
CVE-2012-3382.patch | 11 +++++++++++
mono.spec | 7 ++++++-
2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/CVE-2012-3382.patch b/CVE-2012-3382.patch
new file mode 100644
index 0000000..949a97d
--- /dev/null
+++ b/CVE-2012-3382.patch
@@ -0,0 +1,11 @@
+--- mono-2.4.3.1/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig 2009-10-26 20:44:24.000000000 +0000
++++ mono-2.4.3.1/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs 2012-07-13 12:54:42.628807327 +0100
+@@ -42,7 +42,7 @@ namespace System.Web
+
+ throw new HttpException (403,
+ "This type of page is not served.",
+- req != null ? req.Path : null,
++ req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ description);
+ }
+
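Review bot: Encoding `req.Path` at this single throw site protects only the 403 handler. The hunk does not show where `HttpException` writes its arguments into the error page, so other callers that pass request-derived strings may still reach that page unencoded, and it is worth confirming whether the rendering code encodes its inputs. The `description` argument on the following line is built outside the hunk and should be checked for the same reason. A short comment on the changed line would record the intent, e.g. `// req.Path is client-controlled and is echoed into the HTML error page; encode before passing it on`. The enclosing method starts and ends outside the hunk.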
diff --git a/mono.spec b/mono.spec
index 5de5967..fca9616 100644
--- a/mono.spec
+++ b/mono.spec
@@ -2,7 +2,7 @@
Name: mono
Version: 2.4.3.1
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: A .NET runtime environment
Group: Development/Languages
@@ -52,6 +52,7 @@ Patch4: mono-2.0-monoservice.patch
Patch5: mono-2.0-metadata-makefile.patch
Patch6: mono-242-libgdiplusconfig.patch
Patch7: mono-22-libdir.patch
+Patch8: CVE-2012-3382.patch
%description
The Mono runtime implements a JIT engine for the ECMA CLI
@@ -306,6 +307,7 @@ mono-moonlight are all the parts required for moonlight compilation
%patch6 -p1 -F 2 -b .libgdiplus
sed -i -e 's!@libdir@!%{_libdir}!' %{PATCH7}
%patch7 -p1 -b .libdir-22
+%patch8 -p1 -b .CVE-2012-3382
sed -i -e 's!%{_libdir}!@libdir@!' %{PATCH7}
sed -i -e 's!@prefix@/lib/!%{_libdir}/!' data/mono.web.pc.in
sed -i -e 's!@prefix@/lib/!%{_libdir}/!' data/system.web.extensions_1.0.pc.in
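Review bot: `%patch8 -p1 -b .CVE-2012-3382` is inserted between the `sed` that rewrites `%{PATCH7}` and the `sed` that restores it, which splits a three-line unit that belongs together. The placement looks harmless, since patch8 touches only `HttpForbiddenHandler.cs`, but it makes the PATCH7 rewrite/apply/restore sequence harder to read. Moving the new line to just after `sed -i -e 's!%{_libdir}!@libdir@!' %{PATCH7}` would keep that bracket intact.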
@@ -752,6 +754,9 @@ install -m 755 %{SOURCE3} %{buildroot}%{_bindir}/
%{_libdir}/pkgconfig/monodoc.pc
%changelog
+* Fri Jul 13 2012 Leigh Scott <leigh123linux at googlemail.com> - 2.4.3.1-4
+- Patch for CVE-2012-3382 (bz 839979)
+
* Mon Jun 27 2010 Leigh Scott <leigh123linux at googlemail.com> - 2.4.3.1-3
- rebuild against mono-core