| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
IRC bot
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
ikiwiki's web interface does not currently have UI for removing
multiple pages simultaneously, but the remove plugin is robust
against doing so. Use a clearer idiom to make that obvious.
|
| |
|
|
|
|
|
|
|
|
| |
These instances of code similar to OVE-20170111-0001 are not believed
to be exploitable, because defined(), length(), setpassword(),
userinfo_set() and the binary "." operator all have prototypes that
force the relevant argument to be evaluated in scalar context. However,
using a safer idiom makes mistakes less likely.
(cherry picked from commit 69230a2220f673c66b5ab875bfc759b32a241c0d)
|
| |
|
|
|
|
| |
OVE-20170111-0001
(cherry picked from commit bffb71d6a7d28f6dd5f0be241f214e79eea7bb91)
|
| |
|
|
|
|
| |
In particular this includes an exploit for OVE-20170111-0001.
(cherry picked from commit fbe207212b1f4a395dc297fb274ef07afd7d68f3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling CGI::FormBuilder::field with a name argument in list context
returns zero or more user-specified values of the named field, even
if that field was not declared as supporting multiple values.
Passing the result of field as a function parameter counts as list
context. This is the same bad behaviour that is now discouraged
for CGI::param.
In this case we pass the multiple values to CGI::Session::param.
That accessor has six possible calling conventions, of which four are
documented. If an attacker passes (2*n + 1) values for the 'name'
field, for example name=a&name=b&name=c, we end up in one of the
undocumented calling conventions for param:
# equivalent to: (name => 'a', b => 'c')
$session->param('name', 'a', 'b', 'c')
and the 'b' session parameter is unexpectedly set to an
attacker-specified value.
In particular, if an attacker "bob" specifies
name=bob&name=name&name=alice, then authentication is carried out
for "bob" but the CGI::Session ends up containing {name => 'alice'},
an authentication bypass vulnerability.
This vulnerability is tracked as OVE-20170111-0001.
(cherry picked from commit e909eb93f4530a175d622360a8433e833ecf0254)
|
| | |
|
| |
|
|
|
| |
The virtual package libmagickcore-extra is now merely an alternative,
to help autopkgtest to do the right thing.
|
| | |
|
| |
|
|
| |
Moin Moin
|
| | |
|
| |
|
|
| |
It does not make much sense there.
|
| |
|
|
|
| |
It does not seem to have any more current URL, and in any case our
version is a fork.
|
| |
|
|
| |
intended interpretation
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Instead of logging "bad file name %s" and attempting to call the
(string) filename as a subroutine, actually do the intended
sprintf operation.
|
| |
|
|
|
|
| |
The Debian security tracker gets timely updates, whereas the official
CVE pages hosted by MITRE tend to show up as "RESERVED" for several
weeks or months after assignment.
|
| |
|
|
| |
security.debian.org currently rejects HTTPS connections.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
git_sha1 already puts "--" before its arguments, so
git_sha1_file($dir, 'doc/index.mdwn')
would have incorrectly invoked
git rev-list --max-count=1 HEAD -- -- doc/index.mdwn
If there is no file in the wiki named "--", that's harmless, because
it merely names the latest revision in which either "--" or
"doc/index.mdwn" changed. However, it could return incorrect results
if there is somehow a file named "--".
|
| | |
|
| |
|
|
|
|
|
| |
Now that we have avoided using in_git_dir recursively, we don't need
the stack any more.
This reverts commit 39b8931ad31fe6b48afdc570caa459a0996c2092.
|
| |
|
|
|
| |
In the environment used on ci.debian.net, we have neither a name nor
an email address.
|
| |
|
|
|
|
|
|
| |
If we throw an exception (usually from run_or_die), in_git_dir won't
unshift the current directory from the stack. That's usually fine,
but in rcs_preprevert we catch exceptions and do some cleanup before
returning, for which we need the git directory to be the root and
not the temporary working tree.
|
| | |
|
| |
|
|
|
|
|
| |
Some of these might be relatively expensive to dereference or result
in messages being logged, and there's no reason why a search engine
should need to index them. (In particular, we'd probably prefer search
engines to index the rendered page, not its source code.)
|
| |
|
|
|
| |
We need the changes to take place at least 1 second after the first
rebuild, so that the changed files are seen to have changed.
|
| | |
|