diff options
Diffstat (limited to 'debian/patches/CVE-2006-20001.patch')
-rw-r--r-- | debian/patches/CVE-2006-20001.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/debian/patches/CVE-2006-20001.patch b/debian/patches/CVE-2006-20001.patch new file mode 100644 index 0000000..0ba150b --- /dev/null +++ b/debian/patches/CVE-2006-20001.patch @@ -0,0 +1,37 @@ +From 7469547c3f617717ca545d0f7c56d01134703813 Mon Sep 17 00:00:00 2001 +From: Eric Covener <covener@apache.org> +Date: Tue, 10 Jan 2023 13:21:48 +0000 +Subject: [PATCH] Merge r1906487 from trunk: + +* modules/dav/main/util.c (dav_process_if_header): Fix error + path for "Not" prefix parsing. + + +Submitted By: jorton +Reviewed By: jorton, covener, rpluem + + +git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906543 13f79535-47bb-0310-9956-ffa450edef68 +--- + STATUS | 8 -------- + modules/dav/main/util.c | 8 +++++++- + 2 files changed, 7 insertions(+), 9 deletions(-) + +--- a/modules/dav/main/util.c ++++ b/modules/dav/main/util.c +@@ -746,8 +746,14 @@ + "for the same state."); + } + condition = DAV_IF_COND_NOT; ++ list += 2; ++ } ++ else { ++ return dav_new_error(r->pool, HTTP_BAD_REQUEST, ++ DAV_ERR_IF_UNK_CHAR, 0, ++ "Invalid \"If:\" header: " ++ "Unexpected character in List"); + } +- list += 2; + break; + + case ' ': |