mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-27 07:23:30 +08:00
package/janus-gateway: fix CVE-2021-4124
janus-gateway is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fd3c2cf43
)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
cca59981bb
commit
c756e6ac7b
@ -0,0 +1,25 @@
|
||||
From f62bba6513ec840761f2434b93168106c7c65a3d Mon Sep 17 00:00:00 2001
|
||||
From: Lorenzo Miniero <lminiero@gmail.com>
|
||||
Date: Wed, 15 Dec 2021 14:10:01 +0100
|
||||
Subject: [PATCH] Fixed missing XSS mitigation (see #2817)
|
||||
|
||||
[Retrieved from:
|
||||
https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
html/textroomtest.js | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/html/textroomtest.js b/html/textroomtest.js
|
||||
index bf95a260a..7d5ae832c 100644
|
||||
--- a/html/textroomtest.js
|
||||
+++ b/html/textroomtest.js
|
||||
@@ -351,7 +351,7 @@ function sendPrivateMsg(username) {
|
||||
text: JSON.stringify(message),
|
||||
error: function(reason) { bootbox.alert(reason); },
|
||||
success: function() {
|
||||
- $('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + result);
|
||||
+ $('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + escapeXmlTags(result));
|
||||
$('#chatroom').get(0).scrollTop = $('#chatroom').get(0).scrollHeight;
|
||||
}
|
||||
});
|
@ -14,6 +14,9 @@ JANUS_GATEWAY_CPE_ID_PRODUCT = janus
|
||||
# 0003-Fix-potential-Cross-site-Scripting-XSS-exploits-in-demos.patch
|
||||
JANUS_GATEWAY_IGNORE_CVES += CVE-2021-4020
|
||||
|
||||
# 0004-Fixed-missing-XSS-mitigation.patch
|
||||
JANUS_GATEWAY_IGNORE_CVES += CVE-2021-4124
|
||||
|
||||
# ding-libs provides the ini_config library
|
||||
JANUS_GATEWAY_DEPENDENCIES = host-pkgconf jansson libnice \
|
||||
libsrtp host-gengetopt libglib2 openssl libconfig \
|
||||
|
Loading…
Reference in New Issue
Block a user