mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
webmin: patch CVE-2022-0829
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0829
Pick the patch from the nvd report details.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 80b5365780)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
committed by
Anuj Mittal
Anuj Mittal
parent
0c7d961f95
commit
7435780bbe
+25
@@ -0,0 +1,25 @@
|
||||
From 15dd0e4e55579671c01e4808236beb4fe23e9eef Mon Sep 17 00:00:00 2001
|
||||
From: Jamie Cameron <jcameron@webmin.com>
|
||||
Date: Sat, 19 Feb 2022 13:10:36 -0800
|
||||
Subject: [PATCH] Add missing permissions check when saving allowed cron users
|
||||
|
||||
CVE: CVE-2022-0829
|
||||
Upstream-Status: Backport [https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9]
|
||||
|
||||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||
---
|
||||
cron/save_allow.cgi | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/cron/save_allow.cgi b/cron/save_allow.cgi
|
||||
index 87bbe453..73df9a84 100755
|
||||
--- a/cron/save_allow.cgi
|
||||
+++ b/cron/save_allow.cgi
|
||||
@@ -4,6 +4,7 @@
|
||||
|
||||
require './cron-lib.pl';
|
||||
&ReadParse();
|
||||
+$access{'allow'} || &error($text{'allow_ecannot'});
|
||||
|
||||
&lock_file($config{cron_allow_file});
|
||||
&lock_file($config{cron_deny_file});
|
||||
@@ -23,6 +23,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/webadmin/webmin-${PV}.tar.gz \
|
||||
file://0001-HTML-escape-command-description.patch \
|
||||
file://0001-Object-names-cannot-contact-special-characters.patch \
|
||||
file://0001-Foreign-module-may-need-a-check.patch \
|
||||
file://0001-Add-missing-permissions-check-when-saving-allowed-cr.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "cd6ee98f73f9418562197675b952d81b"
|
||||
|
||||
Reference in New Issue
Block a user