ruby/ruby-1.8.6-p287-CVE-2008-5189.patch

--- lib/cgi.rb  (revision 19665)
+++ lib/cgi.rb  (working copy)
@@ -546,6 +546,11 @@
     when Hash
       options = options.dup
     end
+    options.each_value do |value|
+      if /\n(?![ \t])/ === value
+        raise ArgumentError, "potential HTTP header injection detected"
+      end
+    end

     unless options.has_key?("type")
       options["type"] = "text/html"
1.8.6.287-4 2009-03-15 05:56:18 +00:00			`--- lib/cgi.rb (revision 19665)`
			`+++ lib/cgi.rb (working copy)`
			`@@ -546,6 +546,11 @@`
			`when Hash`
			`options = options.dup`
			`end`
			`+ options.each_value do \|value\|`
			`+ if /\n(?![ \t])/ === value`
			`+ raise ArgumentError, "potential HTTP header injection detected"`
			`+ end`
			`+ end`

			`unless options.has_key?("type")`
			`options["type"] = "text/html"`