[gentoo-commits] gentoo-x86 commit in www-client/surf/files: CVE-2012-0842.patch

[gentoo-commits] gentoo-x86 commit in www-client/surf/files: CVE-2012-0842.patch

[Jeroen Roovers (jer)]

jer         12/02/20 12:07:48

  Added:                CVE-2012-0842.patch
  Log:
  Fix insecure file permissions (bug #404983).
  
  (Portage version: 2.2.0_alpha87/cvs/Linux x86_64)

Revision  Changes    Path
1.1                  www-client/surf/files/CVE-2012-0842.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-client/surf/files/CVE-2012-0842.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/www-client/surf/files/CVE-2012-0842.patch?rev=1.1&content-type=text/plain

Index: CVE-2012-0842.patch
===================================================================
Description: Fix for world readable cookie jar vulnerability
 This is the patch provided by upstream to fix the world readable
 cookie jar vulnerability filed as http://bugs.debian.org/659296.
 Thanks to Peter Hartman from the upstream for quick patch.
Author: Peter Hartman <peterjohnhartman@gmail.com>
Last-Update: 2012-02-10
Bug-Debian: http://bugs.debian.org/659296
Forwarded: http://lists.suckless.org/dev/1202/10972.html
--- a/surf.c	Wed Feb 01 15:23:39 2012 +0100
+++ b/surf.c	Fri Feb 10 11:46:18 2012 -0500
@@ -127,7 +127,7 @@
 		apath = g_strconcat(g_get_home_dir(), "/", path, NULL);
 	if((p = strrchr(apath, '/'))) {
 		*p = '\0';
-		g_mkdir_with_parents(apath, 0755);
+		g_mkdir_with_parents(apath, 0700);
 		*p = '/';
 	}
 	/* creating file (gives error when apath ends with "/") */

[gentoo-commits] gentoo-x86 commit in www-client/surf/files: CVE-2012-0842.patch

[Jeroen Roovers (jer)]

jer         12/10/24 15:54:25

  Removed:              CVE-2012-0842.patch
  Log:
  Old.
  
  (Portage version: 2.2.0_alpha141/cvs/Linux x86_64, signed Manifest commit with key A792A613)