rpms/ruby/FC-4 ruby-1.8.2-xmlrpc-CAN-2005-1992.patch, NONE, 1.1 ruby.spec, 1.32, 1.33
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jun 21 09:02:13 UTC 2005
Author: tagoh
Update of /cvs/dist/rpms/ruby/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv24029
Modified Files:
ruby.spec
Added Files:
ruby-1.8.2-xmlrpc-CAN-2005-1992.patch
Log Message:
* Tue Jun 21 2005 Akira TAGOH <tagoh at redhat.com> - 1.8.2-7.fc4.2
- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
on XMLRPC server. (#161096)
ruby-1.8.2-xmlrpc-CAN-2005-1992.patch:
utils.rb | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE ruby-1.8.2-xmlrpc-CAN-2005-1992.patch ---
diff -ruN ruby-1.8.2.orig/lib/xmlrpc/utils.rb ruby-1.8.2/lib/xmlrpc/utils.rb
--- ruby-1.8.2.orig/lib/xmlrpc/utils.rb 2003-08-15 02:20:14.000000000 +0900
+++ ruby-1.8.2/lib/xmlrpc/utils.rb 2005-06-21 17:28:32.000000000 +0900
@@ -138,7 +138,7 @@
def get_methods(obj, delim=".")
prefix = @prefix + delim
- obj.class.public_instance_methods.collect { |name|
+ obj.class.public_instance_methods(false).collect { |name|
[prefix + name, obj.method(name).to_proc, nil, nil]
}
end
More information about the fedora-cvs-commits
mailing list