Diffstat (limited to 'net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch')
-rw-r--r--net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch
new file mode 100644
index 000000000000..a73289d98d66
--- /dev/null
+++ b/net-news/yarssr/files/yarssr-0.2.2-cve-2007-5837.patch
@@ -0,0 +1,23 @@
+Improved patch to fix CVE 2007-5837 - remote code injection.
+See Gentoo bug #197660 and #378413.
+
+--- yarssr-0.2.2/lib/Yarssr/GUI.pm
++++ yarssr-0.2.2/lib/Yarssr/GUI.pm
+@@ -163,8 +163,15 @@
+ }
+ else {
+ my $b = Yarssr::Config->get_browser;
+- $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/;
+- exec($b) or warn "unable to launch browser\n";
++ my @b = split(' ', Yarssr::Config->get_browser);
++ if (grep(/\%s/, @b))
++ {
++ map {grep(s/\%s/$url/, $_) => $_} @b;
++ }
++ else {
++ push(@b, $url);
++ }
++ exec(@b) or warn "unable to launch browser\n";
+ exit;
+ }
+ }
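Review bot: `exec(@b)` on the last added line can still reach the shell, because Perl only bypasses it when the list has more than one element; if the configured browser string is empty or just `%s`, `@b` holds only the feed-supplied `$url`, which is then parsed as a command line. The indirect-object form, `exec { $b[0] } @b or warn "unable to launch browser\n";`, never invokes the shell. The list form also does not stop a `$url` beginning with `-` from being read as a browser option, so a scheme check on `$url` before this point would be worth adding if none exists; the enclosing sub starts and ends outside the hunk, so that cannot be confirmed here. As a style point, `s/\%s/$url/ for @b;` does the same work as the void-context `map`/`grep`, and the context line `my $b = Yarssr::Config->get_browser;` is now unused.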