fb16dfecae
Commit b7f05445c0
has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner)
13 lines
607 B
Plaintext
13 lines
607 B
Plaintext
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5.
|
|
When multipart boundary attributes contain non-halting regular
|
|
expression strings, the boundary searcher in the CGI module does not properly
|
|
escape the parameter and will execute arbitrary regular expressions.
|
|
This fix adds escaping for the user data.
|
|
|
|
* Affected application servers: standalone CGI, Mongrel, WEBrick
|
|
* Unaffected: FastCGI, Ruby 1.8.6 (all servers)
|
|
* Unknown: mod_ruby
|
|
|
|
This fix will not modify versions of Ruby greater than 1.8.5, and is
|
|
cumulative with previous CGI multipart vulnerability fixes.
|