Package: libapache2-mod-perl2 Version: 2.0.2-2.4 Severity: important Tags: patch, security
Attached is a patch for CVE-2007-1349, from upstream fixes at http://svn.apache.org/viewvc?view=rev&revision=521584 -- Kees Cook @outflux.net
Upstream fixes for CVE-2007-1349: http://svn.apache.org/viewvc?view=rev&revision=521584 diff -Nur libapache2-mod-perl2-2.0.2/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm libapache2-mod-perl2-2.0.2.new/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm --- libapache2-mod-perl2-2.0.2/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm 2005-10-20 17:04:45.000000000 -0700 +++ libapache2-mod-perl2-2.0.2.new/ModPerl-Registry/lib/ModPerl/RegistryCooker.pm 2007-07-17 13:35:43.094887345 -0700 @@ -336,7 +336,7 @@ my $self = shift; my $path_info = $self->{REQ}->path_info; - my $script_name = $path_info && $self->{URI} =~ /$path_info$/ + my $script_name = $path_info && $self->{URI} =~ /\Q$path_info\E$/ ? substr($self->{URI}, 0, length($self->{URI}) - length($path_info)) : $self->{URI};
