oss-sec mailing list archives
Re: phusion passenger CVE-2017-1000384
From: John Lightsey <jd () cpanel net>
Date: Fri, 17 Nov 2017 15:32:28 -0600
On 11/17/17 3:19 PM, Jakub Wilk wrote:
> * John Lightsey <jd () cpanel net>, 2017-11-17, 14:58:
>> https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
>
> This adds:
>
>   #ifdef false
>   ...
>   #endif
>
> But false _is_ a defined macro in this file, so this doesn't disable the code inside. I guess they meant to write:
>
>   #if false
>   ...
>   #endif

True enough. The removal of the call to inferApplicationInfo() is the key part of the change.
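
The preprocessor behaviour discussed in this message, as an added example that is not part of the original e-mail or of Passenger's code. The `#define false 0` line is an assumption standing in for the macro the thread says exists in the patched file; the function names are hypothetical.

```c
#include <stdio.h>

/* Assumption: stands in for the "false" macro that the thread says is
 * defined in the patched file; its real definition is not on the page. */
#ifndef false
#define false 0
#endif

/* #ifdef only asks "is this name a macro?", never what it expands to,
 * so the guarded code is still compiled in. */
int ifdef_false_compiled(void)
{
#ifdef false
    return 1;   /* kept: "false" is a defined macro */
#else
    return 0;
#endif
}

/* #if evaluates the expansion as an integer constant expression,
 * so a macro expanding to 0 removes the guarded code. */
int if_false_compiled(void)
{
#if false
    return 1;
#else
    return 0;   /* kept: false expands to 0 */
#endif
}

/* #if 0 disables code without depending on any macro definition. */
int if_zero_compiled(void)
{
#if 0
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    printf("#ifdef false keeps guarded code: %d\n", ifdef_false_compiled());
    printf("#if false keeps guarded code:    %d\n", if_false_compiled());
    printf("#if 0 keeps guarded code:        %d\n", if_zero_compiled());
    return 0;
}
```

When reviewing a fix that disables code this way, running the file through the preprocessor only (`cc -E`) shows whether the guarded lines survived.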