mirror of
git://slackware.nl/current.git
synced 2025-01-28 08:02:25 +01:00
a44e6a9f0b
patches/packages/curl-8.9.0-x86_64-1_slack15.0.txz: Upgraded.
This is a bugfix release.
patches/packages/htdig-3.2.0b6-x86_64-10_slack15.0.txz: Rebuilt.
Patch XSS vulnerability. Thanks to jayjwa.
Get this out of cgi-bin. Thanks to LuckyCyborg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2007-6110
(* Security fix *)
patches/packages/libxml2-2.11.9-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
Fix XXE protection in downstream code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-40896
(* Security fix *)
24 lines
930 B
Diff
24 lines
930 B
Diff
diff -u htdig-3.2.0b6/htsearch/Display.cc htdig-3.2.0b6/htsearch/Display.cc
|
|
--- htdig-3.2.0b6/htsearch/Display.cc
|
|
+++ htdig-3.2.0b6/htsearch/Display.cc
|
|
@@ -138,7 +138,7 @@
|
|
// Must temporarily stash the message in a String, since
|
|
// displaySyntaxError will overwrite the static temp used in form.
|
|
|
|
- String s(form("No such sort method: `%s'", (const char*)config->Find("sort")));
|
|
+ String s("Invalid sort method.");
|
|
|
|
displaySyntaxError(s);
|
|
return;
|
|
--- htdig-3.2.0b6.orig/libhtdig/ResultFetch.cc
|
|
+++ htdig-3.2.0b6/libhtdig/ResultFetch.cc
|
|
@@ -142,7 +142,7 @@
|
|
// Must temporarily stash the message in a String, since
|
|
// displaySyntaxError will overwrite the static temp used in form.
|
|
|
|
- String s(form("No such sort method: `%s'", (const char *) config->Find("sort")));
|
|
+ String s("Invalid search method.");
|
|
|
|
displaySyntaxError(s);
|
|
//return;
|
|
|