--- a/components/openstack/swift/patches/03-CVE-2013-2161.patch Tue Jun 10 14:07:48 2014 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-commit 6659382c4fa348e1ebbce2424968dd7267ea1db1
-Author: Alex Gaynor <[email protected]>
-Date: Mon May 27 02:07:39 2013 +0000
-
- Check user input in XML responses.
-
- Fixes bug 1183884.
-
- * swift/account/server.py: Escape account name in XML listings.
-
- Change-Id: I7ba54631ed1349516132c00a53fae74f0b84ac37
-
-diff --git a/swift/account/server.py b/swift/account/server.py
-index 81c4d90..baca5a5 100644
---- a/swift/account/server.py
-+++ b/swift/account/server.py
-@@ -241,7 +241,7 @@ class AccountController(object):
- account_list = json.dumps(data)
- elif out_content_type.endswith('/xml'):
- output_list = ['<?xml version="1.0" encoding="UTF-8"?>',
-- '<account name="%s">' % account]
-+ '<account name="%s">' % saxutils.escape(account)]
- for (name, object_count, bytes_used, is_subdir) in account_list:
- name = saxutils.escape(name)
- if is_subdir: