Accueil Explorer Aide
Connexion
PUBLIC_REPOS
/
buildroot
miroir de git://git.buildroot.net/buildroot
2
1
Fork 0
Fichiers
Parcourir la source

package/janus-gateway: fix CVE-2021-4124

janus-gateway is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2fd3c2cf43a189430cb53cb1434d37d7a3a78b47)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine il y a 3 ans
Parent
cca59981bb
commit
c756e6ac7b
2 fichiers modifiés avec 28 ajouts et 0 suppressions
Vue unifiée Afficher les stats Diff
  1. 25 0
      package/janus-gateway/0004-Fixed-missing-XSS-mitigation.patch
  2. 3 0
      package/janus-gateway/janus-gateway.mk

+ 25 - 0
package/janus-gateway/0004-Fixed-missing-XSS-mitigation.patch
Voir le fichier 

@@ -0,0 +1,25 @@
 
+From f62bba6513ec840761f2434b93168106c7c65a3d Mon Sep 17 00:00:00 2001
 
+From: Lorenzo Miniero <lminiero@gmail.com>
 
+Date: Wed, 15 Dec 2021 14:10:01 +0100
 
+Subject: [PATCH] Fixed missing XSS mitigation (see #2817)
 
+
 
+[Retrieved from:
 
+https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d]
 
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 
+---
 
+ html/textroomtest.js | 2 +-
 
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
+
 
+diff --git a/html/textroomtest.js b/html/textroomtest.js
 
+index bf95a260a..7d5ae832c 100644
 
+--- a/html/textroomtest.js
 
++++ b/html/textroomtest.js
 
+@@ -351,7 +351,7 @@ function sendPrivateMsg(username) {
 
+ 				text: JSON.stringify(message),
 
+ 				error: function(reason) { bootbox.alert(reason); },
 
+ 				success: function() {
 
+-					$('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + result);
 
++					$('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + escapeXmlTags(result));
 
+ 					$('#chatroom').get(0).scrollTop = $('#chatroom').get(0).scrollHeight;
 
+ 				}
 
+ 			});

+ 3 - 0
package/janus-gateway/janus-gateway.mk
Voir le fichier 

@@ -14,6 +14,9 @@ JANUS_GATEWAY_CPE_ID_PRODUCT = janus
 
 # 0003-Fix-potential-Cross-site-Scripting-XSS-exploits-in-demos.patch
 
 # 0003-Fix-potential-Cross-site-Scripting-XSS-exploits-in-demos.patch
 
 JANUS_GATEWAY_IGNORE_CVES += CVE-2021-4020
 
 JANUS_GATEWAY_IGNORE_CVES += CVE-2021-4020
 
 
 
+# 0004-Fixed-missing-XSS-mitigation.patch
 
+JANUS_GATEWAY_IGNORE_CVES += CVE-2021-4124
 
+
 
 # ding-libs provides the ini_config library
 
 # ding-libs provides the ini_config library
 
 JANUS_GATEWAY_DEPENDENCIES = host-pkgconf jansson libnice \
 
 JANUS_GATEWAY_DEPENDENCIES = host-pkgconf jansson libnice \
 
 	libsrtp host-gengetopt libglib2 openssl libconfig \
 
 	libsrtp host-gengetopt libglib2 openssl libconfig \