From 10a0d4b61dd575be73c2e2b6223f1bf7d34c63ea Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Mon, 3 Mar 2008 14:31:30 +0000 Subject: * lib/webrick/httpservlet/filehandler.rb: should normalize path separators in path_info to prevent directory traversal attacks on DOSISH platforms. reported by Digital Security Research Group [DSECRG-08-026]. * lib/webrick/httpservlet/filehandler.rb: pathnames which have not to be published should be checked case-insensitively. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f92c516dbc..e1660f6b32 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +Mon Mar 3 23:28:37 2008 GOTOU Yuuzou + + * lib/webrick/httpservlet/filehandler.rb: should normalize path + separators in path_info to prevent directory traversal + attacks on DOSISH platforms. + reported by Digital Security Research Group [DSECRG-08-026]. + + * lib/webrick/httpservlet/filehandler.rb: pathnames which have + not to be published should be checked case-insensitively. + Mon Mar 3 17:25:45 2008 Yukihiro Matsumoto * gc.c (add_heap): sort heaps array in ascending order to use -- cgit v1.2.3
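Review bot: In the two added ChangeLog entries for lib/webrick/httpservlet/filehandler.rb, neither names the method that was changed, whereas the neighbouring entry in the context lines uses the form `gc.c (add_heap):`; adding the method name in parentheses to each entry would let a reader locate the path_info normalization and the case-insensitive check without opening the diff. The second entry's "pathnames which have not to be published" would read more clearly as "pathnames which must not be published", and it does not identify which setting or list those pathnames come from. The first entry states its platform scope (DOSISH) but the second does not say whether the case-insensitive check applies everywhere or only on case-insensitive file systems; since this view is limited to ChangeLog and the entry is the only visible description of the fix, that scope is worth stating here.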