Index: head/www/awstats/files/patch-CVE-2008-3714
===================================================================
--- head/www/awstats/files/patch-CVE-2008-3714	(revision 225578)
+++ head/www/awstats/files/patch-CVE-2008-3714	(revision 225579)
@@ -1,22 +1,25 @@
 Fixes XSS in awstats.pl: CVE-2008-3714
 
 Please, note that the upstream fix at r.1911 is incomplete and can be
 easily curcumvented,
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080
 
 Obtained from: Upstream, http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.925&r2=1.926
 Debian, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=33;filename=awstats-6.7.dfsg-5_6.7.dfsg-5.1.patch;att=1;bug=495432
 
 See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
           
 
 --- wwwroot/cgi-bin/awstats.pl.old	2009-01-04 13:50:42.000000000 +0800
 +++ wwwroot/cgi-bin/awstats.pl	2009-01-04 13:52:43.000000000 +0800
-@@ -7523,6 +7523,7 @@
+@@ -7521,8 +7521,9 @@
+ sub DecodeEncodedString {
+ 	my $stringtodecode = shift;
  	$stringtodecode =~ tr/\+/ /s;
- 	$stringtodecode =~ s/%22//g;
+-	$stringtodecode =~ s/%22//g;
  	$stringtodecode =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/ieg;
 +	$stringtodecode =~ s/["']//g;
++
  	return $stringtodecode;
  }
  

Property changes on: head/www/awstats/files/patch-CVE-2008-3714
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.1
\ No newline at end of property
+1.2
\ No newline at end of property