From a6142a11b49aadba4fd4fe473dcb7593a4f9b7f7 Mon Sep 17 00:00:00 2001 From: evanweaver Date: Wed, 22 Aug 2007 10:38:43 +0000 Subject: [PATCH] simplify readme structure git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@576 19e92222-5c0b-0410-8929-a290d50e31e9 --- projects/cgi_multipart_eof_fix/README | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/projects/cgi_multipart_eof_fix/README b/projects/cgi_multipart_eof_fix/README index ff4ee4c3..a70f21be 100644 --- a/projects/cgi_multipart_eof_fix/README +++ b/projects/cgi_multipart_eof_fix/README @@ -11,22 +11,17 @@ Copyright 2006, 2007 Cloudburst, LLC. Portions copyright 2006 Jeremy Kemper, Jam Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data. -This is fix is cumulative with previous CGI multipart vulnerability fixes; see version 1.0.0 of the gem by Jamis Buck et. al. - -== Installation - - sudo gem install cgi_multipart_eof_fix - -== Scope - -* Affected: standalone CGI, Mongrel, WEBrick +* Affected application servers: standalone CGI, Mongrel, WEBrick * Unaffected: FastCGI, Ruby 1.8.6 (all servers) * Unknown: mod_ruby -This library will not modify versions of Ruby greater than 1.8.5. +This fix will not modify versions of Ruby greater than 1.8.5, and is cumulative with previous CGI multipart vulnerability fixes. == Usage +Install the gem: + sudo gem install cgi_multipart_eof_fix + Run the included test to verify that the patch works as intended. Then, require the gem in every affected application, as follows: require 'rubygems'