diff options
Diffstat (limited to 'net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch')
-rw-r--r-- | net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch new file mode 100644 index 000000000000..a73289d98d66 --- /dev/null +++ b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch @@ -0,0 +1,23 @@ +Improved patch to fix CVE 2007-5837 - remote code injection. +See Gentoo bug #197660 and #378413. + +--- yarssr-0.2.2/lib/Yarssr/GUI.pm ++++ yarssr-0.2.2/lib/Yarssr/GUI.pm +@@ -163,8 +163,15 @@ + } + else { + my $b = Yarssr::Config->get_browser; +- $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/; +- exec($b) or warn "unable to launch browser\n"; ++ my @b = split(' ', Yarssr::Config->get_browser); ++ if (grep(/\%s/, @b)) ++ { ++ map {grep(s/\%s/$url/, $_) => $_} @b; ++ } ++ else { ++ push(@b, $url); ++ } ++ exec(@b) or warn "unable to launch browser\n"; + exit; + } + } |