summaryrefslogtreecommitdiffstats
path: root/www/rt44/files/patch-lib_RT.pm
diff options
context:
space:
mode:
Diffstat (limited to 'www/rt44/files/patch-lib_RT.pm')
-rw-r--r--www/rt44/files/patch-lib_RT.pm13
1 files changed, 13 insertions, 0 deletions
diff --git a/www/rt44/files/patch-lib_RT.pm b/www/rt44/files/patch-lib_RT.pm
new file mode 100644
index 0000000..eac3aee
--- /dev/null
+++ b/www/rt44/files/patch-lib_RT.pm
@@ -0,0 +1,13 @@
+--- lib/RT.pm.orig 2016-07-18 20:20:17 UTC
++++ lib/RT.pm
+@@ -81,6 +81,10 @@ use vars qw($BasePath
+ $MasonDataDir
+ $MasonSessionDir);
+
++# Set Email::Address module var before anything else loads.
++# This avoids an algorithmic complexity denial of service vulnerability.
++# See T#157608 and CVE-2015-7686 for more information.
++$Email::Address::COMMENT_NEST_LEVEL = 1;
+
+ RT->LoadGeneratedData();
+
OpenPOWER on IntegriCloud