ruby-changes:17029
From: wyhaines <ko1@a...>
Date: Wed, 18 Aug 2010 03:36:38 +0900 (JST)
Subject: [ruby-changes:17029] Ruby:r29026 (ruby_1_8_6): lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information.
wyhaines 2010-08-18 03:36:29 +0900 (Wed, 18 Aug 2010) New Revision: 29026 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=29026 Log: lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information. Modified files: branches/ruby_1_8_6/ChangeLog branches/ruby_1_8_6/lib/webrick/httpresponse.rb branches/ruby_1_8_6/version.h Index: ruby_1_8_6/ChangeLog =================================================================== --- ruby_1_8_6/ChangeLog (revision 29025) +++ ruby_1_8_6/ChangeLog (revision 29026) @@ -1,10 +1,14 @@ +Tue Aug 18 03:34:00 Kirk Haines <khaines@r...> + + * lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information. + Tue Aug 18 03:27:00 Kirk Haines <khaines@r...> - * ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests. + * ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests. r29025 - * test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite. + * test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite. r29025 - * test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively. + * test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively. r29025 Wed Jun 23 04:26:00 Kirk Haines <khaines@r...> Index: ruby_1_8_6/version.h =================================================================== --- ruby_1_8_6/version.h (revision 29025) +++ ruby_1_8_6/version.h (revision 29026) @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2010-08-18" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20100818 -#define RUBY_PATCHLEVEL 419 +#define RUBY_PATCHLEVEL 420 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 Index: ruby_1_8_6/lib/webrick/httpresponse.rb =================================================================== --- ruby_1_8_6/lib/webrick/httpresponse.rb (revision 29025) +++ ruby_1_8_6/lib/webrick/httpresponse.rb (revision 29026) @@ -209,7 +209,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/