[pkg-horde] [SCM] Debian Horde Packages repository: horde3 package branch, debian-lenny, updated. 1f5981559224b20f8cfc7d880e4198cdfb9b17d6
Gregory Colpart
reg at debian.org
Mon May 24 23:20:13 UTC 2010
The following commit has been merged in the debian-lenny branch:
commit 1f5981559224b20f8cfc7d880e4198cdfb9b17d6
Author: Gregory Colpart <reg at debian.org>
Date: Mon May 24 23:32:43 2010 +0200
security upload, thanks to white at debian.org
diff --git a/debian/changelog b/debian/changelog
index d0df76d..51ac34d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+horde3 (3.2.2+debian0-2+lenny2) stable-security; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Fix several cross-site scripting vulnerabilities via crafted number
+ preferences or inline MIME text parts when using text/plain as MIME
+ type (horde ticket #8311 and #8399) (Issue was fixed in the previous
+ version, but adjusting the conffile was missing)
+ Fixes: CVE-2009-3237
+ * Fix cross-site scripting vulnerability via data:text/html values in
+ an HTML email message (horde ticket #8715)
+ Fixes: CVE-2009-4363
+ * Fix several cross-site scripting vulnerabilities via the PATH_INFO
+ variable due to use of the PHP_SELF variable
+ Fixes: CVE-2009-3701
+
+ -- Steffen Joeris <white at debian.org> Tue, 05 Jan 2010 13:02:24 +0100
+
horde3 (3.2.2+debian0-2+lenny1) stable-security; urgency=high
* Add patch stuff on debian/rules to have clean security patches.
diff --git a/debian/patches/0002-CVE-2009-3237.patch b/debian/patches/0002-CVE-2009-3237.patch
new file mode 100644
index 0000000..fb7022d
--- /dev/null
+++ b/debian/patches/0002-CVE-2009-3237.patch
@@ -0,0 +1,11 @@
+--- ../old/horde3-3.2.2+debian0/config/mime_drivers.php.dist 2010-01-05 11:07:10.000000000 +0000
++++ horde3-3.2.2+debian0/config/mime_drivers.php.dist 2010-01-05 11:42:45.000000000 +0000
+@@ -124,7 +124,7 @@
+ * Default text driver settings
+ */
+ $mime_drivers['horde']['simple'] = array(
+- 'inline' => true,
++ 'inline' => false,
+ 'handles' => array(
+ 'text/*'
+ ),
diff --git a/debian/patches/0003-CVE-2009-4363.patch b/debian/patches/0003-CVE-2009-4363.patch
new file mode 100644
index 0000000..4c1bc89
--- /dev/null
+++ b/debian/patches/0003-CVE-2009-4363.patch
@@ -0,0 +1,18 @@
+--- ../old/horde3-3.2.2+debian0/lib/Horde/Text/Filter/xss.php 2010-01-05 11:07:10.000000000 +0000
++++ horde3-3.2.2+debian0/lib/Horde/Text/Filter/xss.php 2010-01-05 11:53:10.000000000 +0000
+@@ -190,6 +190,15 @@
+ $patterns[$pattern] = '<' . $this->_params['replace'] . '_tag';
+ }
+
++ /* Strip out data URLs living in an A HREF element (Bug #8715). */
++ $malicious = '/<((?:a|�*65;?|�*41;?|�*97;?|�*61;?)\b[^>]+?)' .
++ '(?:h|�*72;?|�*48;?|�*104;?|�*68;?)\s*' .
++ '(?:r|�*82;?|�*52;?|�*114;?|�*72;?)\s*' .
++ '(?:e|�*69;?|�*45;?|�*101;?|�*65;?)\s*' .
++ '(?:f|�*70;?|�*46;?|�*102;?|�*66;?)\s*=' .
++ '("|\')?\s*data:(?(2)[^"\')>]*|[^\s)>]*)(?(2)\\2)/is';
++ $patterns[$malicious] = '<$1';
++
+ /* Comment out style/link tags. */
+ if ($this->_params['strip_styles']) {
+ if ($this->_params['strip_style_attributes']) {
diff --git a/debian/patches/0004-CVE-2009-3701.patch b/debian/patches/0004-CVE-2009-3701.patch
new file mode 100644
index 0000000..d56325d
--- /dev/null
+++ b/debian/patches/0004-CVE-2009-3701.patch
@@ -0,0 +1,36 @@
+diff -uNr horde-3.3.5/admin/cmdshell.php horde-3.3.6/admin/cmdshell.php
+--- horde-3.3.5/admin/cmdshell.php 2009-01-06 16:22:10.000000000 +0100
++++ horde3-3.2.2+debian0/admin/cmdshell.php 2009-10-13 17:52:07.000000000 +0200
+@@ -43,7 +43,7 @@
+ }
+ ?>
+
+-<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
++<form action="cmdshell.php" method="post">
+ <?php Util::pformInput() ?>
+ <label for="cmd" class="hidden"><?php echo _("Command") ?></label>
+ <textarea class="fixed" id="cmd" name="cmd" rows="10" cols="60">
+diff -uNr horde-3.3.5/admin/phpshell.php horde-3.3.6/admin/phpshell.php
+--- horde-3.3.5/admin/phpshell.php 2009-01-06 16:22:10.000000000 +0100
++++ horde3-3.2.2+debian0/admin/phpshell.php 2009-10-13 17:52:07.000000000 +0200
+@@ -39,7 +39,7 @@
+
+ ?>
+ <div style="padding:10px">
+-<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
++<form action="phpshell.php" method="post">
+ <?php Util::pformInput() ?>
+
+ <h1 class="header"><?php echo _("PHP Shell") ?></h1>
+diff -uNr horde-3.3.5/admin/sqlshell.php horde-3.3.6/admin/sqlshell.php
+--- horde-3.3.5/admin/sqlshell.php 2009-01-06 16:22:10.000000000 +0100
++++ horde3-3.2.2+debian0/admin/sqlshell.php 2009-10-13 17:52:07.000000000 +0200
+@@ -26,7 +26,7 @@
+ ?>
+ <div style="padding:10px">
+ <h1 class="header"><?php echo _("SQL Shell") ?></h1><br />
+-<form name="sqlshell" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
++<form name="sqlshell" action="sqlshell.php" method="post">
+ <?php Util::pformInput() ?>
+
+ <?php
--
Debian Horde Packages repository: horde3 package
More information about the pkg-horde-hackers
mailing list