rpms / lynx

Clone
Source Code
GIT

Blame SOURCES/lynx-CVE-2008-4690.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   f11bd66e794db923ca57defe5f6f4fe096f87aa9
  2.   SOURCES
  3.   lynx-CVE-2008-4690.patch
Blob History Raw
f11bd6 
From c60c227ab9a36246730d7454e33d40d2c66c88b3 Mon Sep 17 00:00:00 2001
f11bd6 
From: Kamil Dudka <kdudka@redhat.com>
f11bd6 
Date: Wed, 13 Feb 2013 15:26:22 +0100
f11bd6 
Subject: [PATCH] fix CVE-2008-4690
f11bd6
f11bd6 
prompt user before executing command via a lynxcgi link even in advanced mode,
f11bd6 
as the actual URL may not be shown but hidden behind an HTTP redirect and set
f11bd6 
TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default
f11bd6 
---
f11bd6 
 CHANGES     |    7 +++++++
f11bd6 
 lynx.cfg    |    2 +-
f11bd6 
 src/LYCgi.c |    2 +-
f11bd6 
 3 files changed, 9 insertions(+), 2 deletions(-)
f11bd6
f11bd6 
diff --git a/CHANGES b/CHANGES
f11bd6 
index 360be68..8eca013 100644
f11bd6 
--- a/CHANGES
f11bd6 
+++ b/CHANGES
f11bd6 
@@ -721,6 +721,13 @@ Changes since Lynx 2.8 release
f11bd6 
 * update win32 makefiles/build scripts to add LYmktime, parsdate modules -TD
f11bd6 
 * update config.guess (2008-04-14), config.sub (2008-06-16)
f11bd6
f11bd6 
+2008-10-26
f11bd6 
+* modify patch for CVE-2005-2929 to prompt user before executing command via
f11bd6 
+  a lynxcgi link even in advanced mode, as the actual URL may not be shown but
f11bd6 
+  hidden behind an HTTP redirect
f11bd6 
+* set TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default
f11bd6 
+  [CVE-2008-4690]
f11bd6 
+
f11bd6 
 2008-09-21 (2.8.7dev.10)
f11bd6 
 * remove rw.po, since the translation project no longer supplies it -TD
f11bd6 
 * implement "readonly" attribute for TEXTAREA and TEXT fields -TD
f11bd6 
diff --git a/lynx.cfg b/lynx.cfg
f11bd6 
index ee2aad3..144050d 100644
f11bd6 
--- a/lynx.cfg
f11bd6 
+++ b/lynx.cfg
f11bd6 
@@ -1061,7 +1061,7 @@ DEFAULT_INDEX_FILE:http://scout.wisc.edu/
f11bd6 
 #
f11bd6 
 # The default TRUSTED_LYNXCGI rule is "none".
f11bd6 
 #
f11bd6 
-#TRUSTED_LYNXCGI:none
f11bd6 
+TRUSTED_LYNXCGI:none
f11bd6
f11bd6 
 .h2 LYNXCGI_ENVIRONMENT
f11bd6 
 # Unix:
f11bd6 
diff --git a/src/LYCgi.c b/src/LYCgi.c
f11bd6 
index 832bb89..0ae8a7e 100644
f11bd6 
--- a/src/LYCgi.c
f11bd6 
+++ b/src/LYCgi.c
f11bd6 
@@ -164,7 +164,7 @@ static BOOL can_exec_cgi(const char *linktext, const char *linkargs)
f11bd6 
     if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {
f11bd6 
 	/* exec_ok gives out msg. */
f11bd6 
 	result = FALSE;
f11bd6 
-    } else {
f11bd6 
+    } else if (user_mode < ADVANCED_MODE) {
f11bd6 
 	StrAllocCopy(command, linktext);
f11bd6 
 	if (non_empty(linkargs)) {
f11bd6 
 	    HTSprintf(&command, " %s", linkargs);
f11bd6 
--
f11bd6 
1.7.1
f11bd6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation