From: Gyorgy Sarvari <[email protected]> Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15642
Pick the patch mentioned in the nvm report. Signed-off-by: Gyorgy Sarvari <[email protected]> (cherry picked from commit 241abdec1282b65eab79923434a059e6d6f869f6) Signed-off-by: Ankur Tyagi <[email protected]> --- ...es-cannot-contact-special-characters.patch | 26 +++++++++++++++++++ .../recipes-webadmin/webmin/webmin_1.850.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-webserver/recipes-webadmin/webmin/files/0001-Object-names-cannot-contact-special-characters.patch diff --git a/meta-webserver/recipes-webadmin/webmin/files/0001-Object-names-cannot-contact-special-characters.patch b/meta-webserver/recipes-webadmin/webmin/files/0001-Object-names-cannot-contact-special-characters.patch new file mode 100644 index 0000000000..9abb02a6ae --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/0001-Object-names-cannot-contact-special-characters.patch @@ -0,0 +1,26 @@ +From 8470368e42af2b66a31a112299df6239fccf111e Mon Sep 17 00:00:00 2001 +From: Jamie Cameron <[email protected]> +Date: Sat, 3 Aug 2019 22:41:37 -0700 +Subject: [PATCH] Object names cannot contact special characters + +CVE: CVE-2019-15642 +Upstream-Status: Backport [https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c] + +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + web-lib-funcs.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl +index df673bb7..bbe154a9 100755 +--- a/web-lib-funcs.pl ++++ b/web-lib-funcs.pl +@@ -7102,7 +7102,7 @@ elsif ($v[0] eq 'REF') { + elsif ($v[0] eq 'UNDEF') { + $rv = undef; + } +-elsif ($v[0] =~ /^OBJECT\s+(.*)$/) { ++elsif ($v[0] =~ /^OBJECT\s+([A-Za-z0-9_:]+)$/) { + # An object hash that we have to re-bless + my $cls = $1; + $rv = { }; diff --git a/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb b/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb index 784e3b69b9..cc31ff35a7 100644 --- a/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb 
+++ b/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/webadmin/webmin-${PV}.tar.gz \ file://webmin.service \ file://0001-Escape-potentially-malicious-HTTP-headers.patch \ file://0001-HTML-escape-command-description.patch \ + file://0001-Object-names-cannot-contact-special-characters.patch \ " SRC_URI[md5sum] = "cd6ee98f73f9418562197675b952d81b"
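Review bot: In the web-lib-funcs.pl hunk, an `OBJECT` line whose name fails the new `[A-Za-z0-9_:]+` check no longer enters this branch and falls through to whatever `elsif`/`else` follows, which is outside the visible context; please confirm that in the 1.850 source the fall-through rejects the value or leaves `$rv` unset rather than handling it as some other type. The class also accepts any arrangement of colons (a bare `:` or a trailing `::` both match), so `$cls` is limited to safe characters but not to a well-formed package name. As a verbatim upstream backport that is reasonable to keep, and a one-line remark in the patch header that the capture feeds `my $cls = $1;` for re-blessing would help later readers see why the narrowing matters.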
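Review bot: In the SRC_URI hunk of webmin_1.850.bb, the new entry points at a patch whose inner hunk keeps the upstream offsets (`@@ -7102,7 +7102,7 @@`, upstream commit dated 3 Aug 2019) while the recipe builds the 1.850 tarball; please confirm in the commit message that it applies to 1.850 without fuzz, or refresh the patch against the 1.850 source so the offsets match the tree it is actually applied to.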
