[pkg-horde] [SCM] Debian Horde Packages repository: sork-passwd-h3 package branch, debian-sid, updated. c32631119939319f5964381655d22681e89a9dda

Gregory Colpart reg at foulademer.gcolpart.com
Fri Aug 7 23:16:23 UTC 2009


The following commit has been merged in the debian-sid branch:
commit c32631119939319f5964381655d22681e89a9dda
Author: Gregory Colpart <reg at foulademer.gcolpart.com>
Date:   Sat Aug 8 01:14:35 2009 +0200

    Commit NMU patch from security team

diff --git a/debian/changelog b/debian/changelog
index 9a75f13..6022ebd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+sork-passwd-h3 (3.1-1.2) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix regression in main.php, introduced by the previous NMU
+
+ -- Steffen Joeris <white at debian.org>  Tue, 14 Jul 2009 11:13:26 +0200
+
+sork-passwd-h3 (3.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix XSS via the backend parameter (Closes: #536554)
+    Fixes: CVE-2009-2360
+
+ -- Steffen Joeris <white at debian.org>  Sat, 11 Jul 2009 06:02:56 +0000
+
 sork-passwd-h3 (3.1-1) unstable; urgency=low
 
   * New upstream release. 
diff --git a/debian/patches/0002-CVE-2009-2360.patch b/debian/patches/0002-CVE-2009-2360.patch
new file mode 100644
index 0000000..3113579
--- /dev/null
+++ b/debian/patches/0002-CVE-2009-2360.patch
@@ -0,0 +1,54 @@
+--- ../old/sork-passwd-h3-3.1/main.php	2009-01-06 15:25:15.000000000 +0000
++++ sork-passwd-h3-3.1/main.php	2009-07-11 06:00:57.000000000 +0000
+@@ -15,8 +15,20 @@
+ require_once PASSWD_BASE . '/lib/base.php';
+ require PASSWD_BASE . '/config/backends.php';
+ 
++// Get the backend details.
++$backend_key = Util::getFormData('backend', false);
++if (!isset($backends[$backend_key])) {
++    $backend_key = null;
++}
++
++
++
+ // Use a do-while to allow easy breaking if an error is found.
+ do {
++    if (!$backend_key) {
++        break;
++    }
++
+     // Has the user submitted the form yet?
+     $submit = Util::getFormData('submit', false);
+     if (!$submit) {
+@@ -24,8 +36,6 @@
+         break;
+     }
+ 
+-    // Get the backend details.
+-    $backend_key = Util::getFormData('backend', false);
+     $driver = $backends[$backend_key]['driver'];
+     $params = $backends[$backend_key]['params'];
+     $password_policy = isset($backends[$backend_key]['password policy'])
+@@ -242,8 +252,8 @@
+ 
+     foreach ($backends as $key => $current_backend) {
+         $sel = ($key == $backend_key) ? ' selected="selected"' : '';
+-        $backends_list .= "<option value=\"$key\"$sel>";
+-        $backends_list .= $current_backend['name'] . '</option>';
++        $backends_list .= '<option value="' . htmlspecialchars($key) . '"' . $sel . '>' .
++            htmlspecialchars($current_backend['name']) . '</option>';
+     }
+ }
+ 
+--- ../old/sork-passwd-h3-3.1/templates/main/main.inc	2008-10-09 17:12:25.000000000 +0000
++++ sork-passwd-h3-3.1/templates/main/main.inc	2009-07-11 06:02:03.000000000 +0000
+@@ -53,7 +53,7 @@
+ <form method="post" action="<?php echo Horde::url('main.php', false, -1, true) ?>" name="passwd">
+ <?php echo Util::formInput() ?>
+ <?php if ($conf['backend']['backend_list'] == 'hidden'): ?>
+-<input type="hidden" name="backend" value="<?php echo $backend_key ?>" />
++<input type="hidden" name="backend" value="<?php echo htmlspecialchars($backend_key) ?>" />
+ <?php endif; if ($conf['user']['change'] !== true): ?>
+ <input type="hidden" name="userid" value="<?php echo htmlspecialchars($userid) ?>" />
+ <?php endif; ?>
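Review bot: The guard `if (!$backend_key) { break; }` tests truthiness, yet the validation above it sets `$backend_key = null` as the failure sentinel, so a backend configured under the string key `'0'` (falsy in PHP) would pass the `isset($backends[...])` check and still be rejected; `if ($backend_key === null) { break; }` matches the sentinel exactly. In the same spirit, `Util::getFormData('backend', false)` falls back to `false`, which PHP casts to index `0` inside `isset($backends[$backend_key])`, so a numerically keyed backends.php would silently select its first entry when the parameter is missing — worth either a comment or a `=== false` check if integer keys are ever allowed there. The bare `break` also leaves a tampered or missing backend with no user-visible error; if the surrounding code reports other failures through a notification object (not visible in this hunk), the same should be done here. The `htmlspecialchars($key)` and `htmlspecialchars($backend_key)` calls use default flags, which is adequate because both attributes are double-quoted, but passing `ENT_QUOTES` would keep the escaping safe across a template change. The do-while body in the first two hunks and the closing `}` at the end of the third belong to blocks that begin outside this patch.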
