From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
Date: Thu, 21 Dec 2017 17:02:44 +0100
Subject: CVE-2017-17405: Fix a command injection vulnerability in Net::FTP.
These are upstream commits
1cfe43fd85c66a9e2b5068480b3e043c31e6b8ca
---
lib/net/ftp.rb | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
index 149fc6a..94dcccd 100644
--- a/lib/net/ftp.rb
+++ b/lib/net/ftp.rb
@@ -563,10 +563,10 @@ module Net
if localfile
if @resume
rest_offset = File.size?(localfile)
- f = open(localfile, "a")
+ f = File.open(localfile, "a")
else
rest_offset = nil
- f = open(localfile, "w")
+ f = File.open(localfile, "w")
end
elsif !block_given?
result = ""
@@ -594,7 +594,7 @@ module Net
def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line
result = nil
if localfile
- f = open(localfile, "w")
+ f = File.open(localfile, "w")
elsif !block_given?
result = ""
end
@@ -640,7 +640,7 @@ module Net
else
rest_offset = nil
end
- f = open(localfile)
+ f = File.open(localfile)
begin
f.binmode
if rest_offset
@@ -659,7 +659,7 @@ module Net
# passing in the transmitted data one line at a time.
#
def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line
- f = open(localfile)
+ f = File.open(localfile)
begin
storlines("STOR " + remotefile, f, &block)
ensure
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates-src
>
by-pkgid
>
c61327aa5e56b75715d8a13b302640a2
>
files
>
5
