$NetBSD: patch-CVE-2012-3382,v 1.1 2014/11/30 21:51:44 spz Exp $

fix CVE-2012-3382 with upstream patch:
https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2

--- mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs.orig	2011-11-15 17:22:42.000000000 +0000
+++ mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs
@@ -42,7 +42,7 @@ namespace System.Web
 				
 			throw new HttpException (403,
 						 "This type of page is not served.",
-						 req != null ? req.Path : null,
+						 req != null ? HttpUtility.HtmlEncode (req.Path) : null,
 						 description);
 		}