Diffstat (limited to 'dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch')
-rw-r--r--dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch13
1 files changed, 13 insertions, 0 deletions
diff --git a/dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch b/dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch
new file mode 100644
index 000000000000..434adf283d99
--- /dev/null
+++ b/dev-lang/mono/files/mono-2.10.9-CVE-2012-3382.patch
@@ -0,0 +1,13 @@
+diff --git a/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs b/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
+index af5ddf4..7e87d48 100644
+--- a/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
++++ b/mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
+@@ -42,7 +42,7 @@ public void ProcessRequest (HttpContext context)
+
+ throw new HttpException (403,
+ "This type of page is not served.",
+- req != null ? req.Path : null,
++ req != null ? HttpUtility.HtmlEncode (req.Path) : null,
+ description);
+ }
+
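Review bot: The encoding covers only `req.Path` at this one call site, while `description` goes to the same `HttpException` constructor unchanged; its origin is outside the hunk, so confirm it is a constant or otherwise free of request-derived text. Encoding at the throw site also means any other caller passing request data to this constructor must remember to do the same, so it is worth checking whether the code that renders the error page can encode this argument itself (presumably where the 403 body is built, which is not visible here). If the call-site fix stays, a short comment would keep the encode from being dropped in a later cleanup, e.g. `// req.Path comes from the request and is echoed into the error page; keep it HTML-encoded (CVE-2012-3382)`. ProcessRequest starts and ends outside the hunk.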