mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 16:27:27 +00:00
webmin: patch CVE-2022-0829
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0829
Pick the patch from the nvd report details.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 80b5365780)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
0c7d961f95
commit
7435780bbe
+25
@@ -0,0 +1,25 @@
|
|||||||
|
From 15dd0e4e55579671c01e4808236beb4fe23e9eef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jamie Cameron <jcameron@webmin.com>
|
||||||
|
Date: Sat, 19 Feb 2022 13:10:36 -0800
|
||||||
|
Subject: [PATCH] Add missing permissions check when saving allowed cron users
|
||||||
|
|
||||||
|
CVE: CVE-2022-0829
|
||||||
|
Upstream-Status: Backport [https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9]
|
||||||
|
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
cron/save_allow.cgi | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/cron/save_allow.cgi b/cron/save_allow.cgi
|
||||||
|
index 87bbe453..73df9a84 100755
|
||||||
|
--- a/cron/save_allow.cgi
|
||||||
|
+++ b/cron/save_allow.cgi
|
||||||
|
@@ -4,6 +4,7 @@
|
||||||
|
|
||||||
|
require './cron-lib.pl';
|
||||||
|
&ReadParse();
|
||||||
|
+$access{'allow'} || &error($text{'allow_ecannot'});
|
||||||
|
|
||||||
|
&lock_file($config{cron_allow_file});
|
||||||
|
&lock_file($config{cron_deny_file});
|
||||||
@@ -23,6 +23,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/webadmin/webmin-${PV}.tar.gz \
|
|||||||
file://0001-HTML-escape-command-description.patch \
|
file://0001-HTML-escape-command-description.patch \
|
||||||
file://0001-Object-names-cannot-contact-special-characters.patch \
|
file://0001-Object-names-cannot-contact-special-characters.patch \
|
||||||
file://0001-Foreign-module-may-need-a-check.patch \
|
file://0001-Foreign-module-may-need-a-check.patch \
|
||||||
|
file://0001-Add-missing-permissions-check-when-saving-allowed-cr.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "cd6ee98f73f9418562197675b952d81b"
|
SRC_URI[md5sum] = "cd6ee98f73f9418562197675b952d81b"
|
||||||
|
|||||||
Reference in New Issue
Block a user