SUSE:SLE-12-SP1:GA
File CVE-2020-25613.patch of Package ruby2.1.36279
From c2d665a75ddfe6a9121cbaf05fe5a823536f2571 Mon Sep 17 00:00:00 2001 From: Ali Abdallah <ali.abdallah@suse.com> Date: Wed, 6 Oct 2021 17:29:54 +0200 Subject: [PATCH 3/4] Backport upstream fix for CVE-2020-25613 This is a backport of webrick commit: 8946bb38b4d87549f0d99ed73c62c41933f97cc7 [PATCH] Make it more strict to interpret some headers Some regexps were too tolerant. --- lib/webrick/httprequest.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb index c39e3eb198..c9c870d379 100644 --- a/lib/webrick/httprequest.rb +++ b/lib/webrick/httprequest.rb @@ -225,9 +225,9 @@ module WEBrick raise HTTPStatus::BadRequest, "bad URI `#{@unparsed_uri}'." end - if /close/io =~ self["connection"] + if /\Aclose\z/io =~ self["connection"] @keep_alive = false - elsif /keep-alive/io =~ self["connection"] + elsif /\Akeep-alive\z/io =~ self["connection"] @keep_alive = true elsif @http_version < "1.1" @keep_alive = false @@ -474,7 +474,7 @@ module WEBrick return unless socket if tc = self['transfer-encoding'] case tc - when /chunked/io then read_chunked(socket, block) + when /\Achunked\z/io then read_chunked(socket, block) else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}." end elsif self['content-length'] || @remaining_size -- 2.32.0
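Review bot: In the first hunk (lib/webrick/httprequest.rb, @@ -225), anchoring both patterns with \A...\z means a Connection value that lists several tokens, such as "keep-alive, Upgrade" or "close, TE", now matches neither branch and falls through to the `@http_version < "1.1"` check. If only the exact single-token form is meant to be honoured, state that in a comment above the `if`; otherwise split the value on commas and compare each stripped token against "close" and "keep-alive" rather than matching the whole string.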
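Review bot: In the second hunk (@@ -474), the tightened `when /\Achunked\z/io` sends every Transfer-Encoding value that is not exactly "chunked" to the `raise HTTPStatus::NotImplemented` branch, but the diffstat shows only lib/webrick/httprequest.rb changed, so nothing pins this behaviour. Add a regression test asserting that a value merely containing "chunked" as a substring raises NotImplemented and that plain "chunked" in any letter case still reaches `read_chunked`. The `o` flag is also unnecessary on all three patterns, since none of them interpolates anything.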