WebSVN - prayer - Path Comparison - / Rev 167 and / Rev 168

Ignore whitespace Rev 167 → Rev 168

 /trunk/debian/changelog
 ,3 → 1,10
+prayer (1.3.5-dfsg1-5) unstable; urgency=medium
+  * [SECURITY] CVE-2018-18655 information disclosure: Add no-referrer meta
+    header to templates (Closes: #911842).
+ -- Magnus Holmgren <holmgren@debian.org>  Sat, 27 Oct 2018 19:45:14 +0200
 prayer (1.3.5-dfsg1-4) unstable; urgency=low
   * Switch from CDBS to dh and debhelper compat level 9.

 /trunk/debian/patches/no-referrer.patch
 ,0 → 1,24
+Bug-Debian: https://bugs.debian.org/911842
+Description: Add no-referrer meta header to templates.
+ * CVE-2018-18655
+--- a/templates/cam/header.t
++++ b/templates/cam/header.t
+@@ -11,6 +11,7 @@
+ % ENDIF
+ <meta name="robots" content="none" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
++<meta name="referrer" content="no-referrer" />
+ <link rel="stylesheet" href="/static/layout.css"
+       type="text/css" media="all" />
+ <link rel="stylesheet" href="/static/print.css"
+--- a/templates/old/header.t
++++ b/templates/old/header.t
+@@ -11,6 +11,7 @@
+ % ENDIF
+ <meta name="robots" content="none" />
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
++<meta name="referrer" content="no-referrer" />
+ <link rel="stylesheet" href="/static/common.css" type="text/css" />
+ <link rel="stylesheet"
+       href="/static/<% $g_theme->name |n %>.css"