review.fuel-infra Code Review - packages/trusty/ceph.git/commit
[CVE-2015-5245] rgw: url encode exposed bucket 78/14478/5 6.1
author Denis V. Meltsaykin <dmeltsaykin@mirantis.com>
Mon, 7 Dec 2015 17:21:58 +0000 (20:21 +0300)
committer Denis V. Meltsaykin <dmeltsaykin@mirantis.com>
Tue, 26 Jan 2016 20:36:33 +0000 (23:36 +0300)
commit ea7aee753a36b405d7e3759ed92d0cd0636045fd
tree 5fba3c077c535d8571fcf1dbcbd9d2040048ac79
parent 2b7a1c29cb20996e056c2f0fbff92c2e2b313c4e
[CVE-2015-5245] rgw: url encode exposed bucket

This commit contains changes from:
* https://github.com/ceph/ceph/pull/5430
  rgw: url encode exposed bucket
  Don't send the bucket name back without url encoding it.
* https://github.com/ceph/ceph/pull/4844
  rgw: Do not enclose the Bucket header in quotes
  HTTP headers don't have to be enclosed when it's a string.

The aforementioned commits help to prevent CVE-2015-5245

Closes-Bug: #1520185
Change-Id: I934309ecce99628b6d1309658ee3506cc4153d64
debian/changelog
debian/patches/series
debian/patches/url_encode_exposed_bucket.patch [new file with mode: 0644]