File _service:tar_scm:CVE-2019-0221.patch of Package tomcat
From 15fcd166ea2c1bb79e8541b8e1a43da9c452ceea Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Mon, 11 Mar 2019 11:33:03 +0000 Subject: [PATCH] Escape debug output to aid readability reason: Escape debug output to aid readability, fix CVE CVE-2019-0221 https://github.com/apache/tomcat/commit/15fcd16 --- java/org/apache/catalina/ssi/SSIPrintenv.java | 3 +-- webapps/docs/changelog.xml | 3 +++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/ssi/SSIPrintenv.java b/java/org/apache/catalina/ssi/SSIPrintenv.java index 97470b2..092542f 100644 --- a/java/org/apache/catalina/ssi/SSIPrintenv.java +++ b/java/org/apache/catalina/ssi/SSIPrintenv.java @@ -41,8 +41,7 @@ public class SSIPrintenv implements SSICommand { } else { Collection<String> variableNames = ssiMediator.getVariableNames(); for (String variableName : variableNames) { - String variableValue = ssiMediator - .getVariableValue(variableName); + String variableValue = ssiMediator.getVariableValue(variableName, "entity"); //This shouldn't happen, since all the variable names must // have values if (variableValue == null) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 697cf07..cbd3961 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -52,6 +52,9 @@ <code>Expires</code> header as required by HTTP specification (RFC 7231, 7234). (kkolinko) </fix> + <fix> + Encode the output of the SSI <code>printenv</code> command. (markt) + </fix> </changelog> </subsection> </section> -- 1.8.3.1
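Review bot: In the SSIPrintenv.java hunk, the `variableValue == null` check that follows the changed line now depends on the two-argument `getVariableValue(variableName, "entity")` returning null for a missing value rather than an encoded string. Confirm that the overload behaves that way, or do the null check before encoding. The encoding name is passed as a bare string literal; a shared constant would guard against a typo in it. The diffstat lists only SSIPrintenv.java and changelog.xml, so the patch carries no regression test. A test that sets a variable value containing `<` and `&` and asserts that the `printenv` output is entity-encoded would pin the fix.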
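Review bot: In the changelog.xml hunk, the new `<fix>` entry says only that the output of the SSI `printenv` command is encoded and carries no reference to CVE-2019-0221, which the patch header names as the reason for the change. Adding the identifier to the entry would let someone reading the changelog recognise this as a security fix.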