diff options
| author |   Wang Mingyu <wangmy@cn.fujitsu.com> | 2020-12-15 15:22:03 +0800 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2021-01-10 19:26:00 -0800 |
| commit | b5ddfc05f5951071ac2a452149c8c0b77aa3de2b (patch) | |
| tree | 56e776b93f388329596b510da1b8c78d9a9f8657 /meta-oe/recipes-connectivity | |
| parent | aaaf03ada11b7f0207c34bc5f72ffff942fee8b6 (diff) | |
| download | meta-openembedded-b5ddfc05f5951071ac2a452149c8c0b77aa3de2b.tar.gz | |
zabbix: CVE-2020-15803 Security Advisory
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15803
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d259144422bb44af9dbc7397fc4077d0bf3fc83f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit d9911b087c83e0c73fbe7eeb497ca388b62d7706)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-connectivity')
| -rw-r--r-- | meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch | 36 | ||||
| -rw-r--r-- | meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb | 1 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch new file mode 100644 index 0000000000..2eec4bf327 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2020-15803.patch @@ -0,0 +1,36 @@ +From 4943334fd9bf7dffd49f9e86251ad40b3efe2135 Mon Sep 17 00:00:00 2001 +From: Wang Mingyu <wangmy@cn.fujitsu.com> +Date: Fri, 11 Dec 2020 17:02:20 +0900 +Subject: [PATCH] Fix bug for CVE-2020-15803 + +Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> +--- + frontends/php/include/classes/html/CIFrame.php | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/frontends/php/include/classes/html/CIFrame.php b/frontends/php/include/classes/html/CIFrame.php +index 32220cd..70f2ab5 100644 +--- a/frontends/php/include/classes/html/CIFrame.php ++++ b/frontends/php/include/classes/html/CIFrame.php +@@ -29,6 +29,7 @@ class CIFrame extends CTag { + $this->setHeight($height); + $this->setScrolling($scrolling); + $this->setId($id); ++ $this->setSandbox(); + } + + public function setSrc($value = null) { +@@ -69,4 +70,10 @@ class CIFrame extends CTag { + $this->setAttribute('scrolling', $value); + return $this; + } ++ ++ private function setSandbox() { ++ if (ZBX_IFRAME_SANDBOX !== false) { ++ $this->setAttribute('sandbox', ZBX_IFRAME_SANDBOX); ++ } ++ } + } +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb index 0e0ddd5779..98a31879c4 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_4.4.6.bb @@ -26,6 +26,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/${PV}/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://CVE-2020-15803.patch \ " SRC_URI[md5sum] = "e666539220be93b1af38e40f5fbb1f79" |