[SCM] BOINC packaging branch, wheezy, updated. debian/7.0.27+dfsg-5-21-g8ddb22e

Guo Yixuan culu.gyx at gmail.com
Thu Jun 27 02:20:12 UTC 2013 

The following commit has been merged in the wheezy branch:
commit 22260b89a3cb105b8343f0c8defcf85eeb8b508a
Author: Guo Yixuan <culu.gyx at gmail.com>
Date:   Thu Jun 27 10:17:26 2013 +0800

    commented patch for html/user/submit.php in CVE-2013-2018-2-SQL-injections.patch
    
    html/user/submit.php has changed too much between 7.0.27 and the patch

diff --git a/debian/patches/CVE-2013-2018-2-SQL-injections.patch b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
index 7b38f77..725892a 100644
--- a/debian/patches/CVE-2013-2018-2-SQL-injections.patch
+++ b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
@@ -23,18 +23,18 @@ index 2dfef55..625ca52 100644
      $app = BossaApp::lookup("short_name='$name'");
      if (!$app) return 0;
      return $app->id;
-diff --git a/html/user/submit.php b/html/user/submit.php
-index ebaf385..4d8d7c5 100644
---- a/html/user/submit.php
-+++ b/html/user/submit.php
-@@ -196,6 +196,7 @@ function handle_main($user) {
-     ";
-     $x = "";
-     foreach ($submit_urls as $appname=>$submit_url) {
-+        $appname = BoincDb::escape_string($appname);
-         $app = BoincApp::lookup("name='$appname'");
-         if (!$app) error_page("bad submit_url name: $appname");
-         $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
+#diff --git a/html/user/submit.php b/html/user/submit.php
+#index ebaf385..4d8d7c5 100644
+#--- a/html/user/submit.php
+#+++ b/html/user/submit.php
+#@@ -196,6 +196,7 @@ function handle_main($user) {
+#     ";
+#     $x = "";
+#     foreach ($submit_urls as $appname=>$submit_url) {
+#+        $appname = BoincDb::escape_string($appname);
+#         $app = BoincApp::lookup("name='$appname'");
+#         if (!$app) error_page("bad submit_url name: $appname");
+#         $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
 diff --git a/html/user/submit_rpc_handler.php b/html/user/submit_rpc_handler.php
 index 9a2686a..e3b6d15 100644
 --- a/html/user/submit_rpc_handler.php

-- 
BOINC packaging

More information about the pkg-boinc-commits mailing list