Diffstat (limited to 'debian/patches/439840-nowplaying.diff')
-rw-r--r--debian/patches/439840-nowplaying.diff16
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/patches/439840-nowplaying.diff b/debian/patches/439840-nowplaying.diff
new file mode 100644
index 0000000..f9b1305
--- /dev/null
+++ b/debian/patches/439840-nowplaying.diff
@@ -0,0 +1,16 @@
+Description: Fix multiple CRLF injection vulnerabilities in "now playing" scripts
+Forwarded: not-needed
+Author: Wouter Coekaerts
+Last-Update: 2016-02-29
+--- a/scripts/xmms.pl
++++ b/scripts/xmms.pl
+@@ -139,6 +139,9 @@ Example: /set xmms_format_time %%m minut
+ $format =~ s/\%$_/$fs{$_}/g;
+ }
+
++ # remove newline characters
++ $format =~ s/[\r\n]/ /g;
++
+ # sending it.
+ if ($server && $server->{connected} && $witem &&
+ ($witem->{type} eq "CHANNEL" || $witem->{type} eq "QUERY")) {
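Review bot: The patch header promises a fix for multiple "now playing" scripts, but the only file it touches is scripts/xmms.pl, so any other script in the package that builds an outgoing message from track metadata would still pass CR/LF through; either extend the patch or narrow the Description. The added filter is placed correctly, after the `%fs` values are expanded into `$format` and before the send, but its comment should say why it exists, e.g. `# strip CR/LF so track metadata cannot add extra IRC protocol lines`. If 439840 in the filename is the Debian bug number, a `Bug-Debian:` header would make that traceable from the patch itself. The enclosing sub starts and ends outside the hunk, so whether `$format` is the only string handed to the server cannot be confirmed from here.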