summaryrefslogtreecommitdiffstats
path: root/debian/patches/439840-nowplaying.diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/439840-nowplaying.diff16
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/patches/439840-nowplaying.diff b/debian/patches/439840-nowplaying.diff
new file mode 100644
index 0000000..f9b1305
--- /dev/null
+++ b/debian/patches/439840-nowplaying.diff
@@ -0,0 +1,16 @@
+Description: Fix multiple CRLF injection vulnerabilities in "now playing" scripts
+Forwarded: not-needed
+Author: Wouter Coekaerts
+Last-Update: 2016-02-29
+--- a/scripts/xmms.pl
++++ b/scripts/xmms.pl
+@@ -139,6 +139,9 @@ Example: /set xmms_format_time %%m minut
+ $format =~ s/\%$_/$fs{$_}/g;
+ }
+
++ # remove newline characters
++ $format =~ s/[\r\n]/ /g;
++
+ # sending it.
+ if ($server && $server->{connected} && $witem &&
+ ($witem->{type} eq "CHANNEL" || $witem->{type} eq "QUERY")) {