[pkg-horde] [SCM] Debian Horde Packages repository: imp4 package branch, debian-sid, updated. debian/4.3.6+debian0-2-8-gb23aaee

Gregory Colpart reg at evolix.fr
Sat Oct 30 10:01:28 UTC 2010 

The following commit has been merged in the debian-sid branch:
commit b23aaee69ad9001f8b41727c3e7d2d7602778047
Author: Gregory Colpart <reg at evolix.fr>
Date:   Sat Oct 30 11:58:48 2010 +0200

    Commit changes by Moritz Muehlenhoff <muehlenhoff at univention.de> (a lot of kudos to him)

diff --git a/debian/changelog b/debian/changelog
index 4e29eeb..340bfe7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+imp4 (4.3.7+debian0-2.1) unstable; urgency=low
+
+  * Non-maintainer upload by the Security Team
+  * Fix XSS (Closes: #598584)
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Sat, 23 Oct 2010 16:49:35 +0200
+
 imp4 (4.3.7+debian0-2) unstable; urgency=medium
 
   * Backport patches from Horde CVS (http://bugs.horde.org/ticket/8836) to turn
diff --git a/fetchmailprefs.php b/fetchmailprefs.php
index 8e936bb..9298361 100644
--- a/fetchmailprefs.php
+++ b/fetchmailprefs.php
@@ -164,12 +164,12 @@ if (empty($actionID)) {
     $t->set('to_edit', ($to_edit !== null));
     if ($t->get('to_edit')) {
         $t->set('edit_account', intval($to_edit));
-        $t->set('fmid', $fm_account->getValue('id', $to_edit));
-        $t->set('fmusername', $fm_account->getValue('username', $to_edit));
-        $t->set('fmpassword', $fm_account->getValue('password', $to_edit));
-        $t->set('fmserver', $fm_account->getValue('server', $to_edit));
+        $t->set('fmid', htmlspecialchars($fm_account->getValue('id', $to_edit)));
+        $t->set('fmusername', htmlspecialchars($fm_account->getValue('username', $to_edit)));
+        $t->set('fmpassword', htmlspecialchars($fm_account->getValue('password', $to_edit)));
+        $t->set('fmserver', htmlspecialchars($fm_account->getValue('server', $to_edit)));
         if ($t->get('allowfolders')) {
-            $t->set('fmrmailbox', $fm_account->getValue('rmailbox', $to_edit));
+            $t->set('fmrmailbox', htmlspecialchars($fm_account->getValue('rmailbox', $to_edit)));
         }
         $t->set('fmonlynew', $fm_account->getValue('onlynew', $to_edit));
         $t->set('fmmarkseen', $fm_account->getValue('markseen', $to_edit));

-- 
Debian Horde Packages repository: imp4 package

More information about the pkg-horde-hackers mailing list