[Pkg-mysql-commits] r1320 - in trunk/debian: . patches

Norbert Tretkowski nobse at alioth.debian.org
Tue Oct 7 11:02:26 UTC 2008 

Author: nobse
Date: 2008-10-07 11:02:25 +0000 (Tue, 07 Oct 2008)
New Revision: 1320

Added:
   trunk/debian/patches/94_SECURITY_CVE-2008-4456.dpatch
Modified:
   trunk/debian/changelog
   trunk/debian/patches/00list
Log:
Fix for CVE-2008-4456

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2008-10-07 10:47:41 UTC (rev 1319)
+++ trunk/debian/changelog	2008-10-07 11:02:25 UTC (rev 1320)
@@ -1,9 +1,14 @@
-mysql-dfsg-5.0 (5.0.51a-16) unstable; urgency=low
+mysql-dfsg-5.0 (5.0.51a-16) unstable; urgency=high
 
+  * SECURITY:
+    Fix for CVE-2008-4456: Cross-site scripting (XSS) vulnerability in the
+    command-line client, when the --html option is enabled, allows attackers
+    to inject arbitrary web script or HTML by placing it in a database cell,
+    which might be accessed by this client when composing an HTML document. 
   * Disable rpl_packet test when running the testsuite, fails randomly on
     i386. (closes: #501413)
 
- -- Norbert Tretkowski <nobse at debian.org>  Tue, 07 Oct 2008 12:44:30 +0200
+ -- Norbert Tretkowski <nobse at debian.org>  Tue, 07 Oct 2008 13:01:58 +0200
 
 mysql-dfsg-5.0 (5.0.51a-15) unstable; urgency=high
 

Modified: trunk/debian/patches/00list
===================================================================
--- trunk/debian/patches/00list	2008-10-07 10:47:41 UTC (rev 1319)
+++ trunk/debian/patches/00list	2008-10-07 11:02:25 UTC (rev 1320)
@@ -23,3 +23,4 @@
 91_SECURITY_CVE-2007-5925.dpatch
 92_SECURITY_CVE-2008-2079.dpatch
 93_SECURITY_CVE-2008-3963.dpatch
+94_SECURITY_CVE-2008-4456.dpatch

Added: trunk/debian/patches/94_SECURITY_CVE-2008-4456.dpatch
===================================================================
--- trunk/debian/patches/94_SECURITY_CVE-2008-4456.dpatch	                        (rev 0)
+++ trunk/debian/patches/94_SECURITY_CVE-2008-4456.dpatch	2008-10-07 11:02:25 UTC (rev 1320)
@@ -0,0 +1,36 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 94_SECURITY_CVE-2008-4456.dpatch by Norbert Tretkowski <nobse at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix for CVE-2008-4456
+
+ at DPATCH@
+=== modified file 'client/mysql.cc'
+--- client/mysql.cc	2007-11-13 13:29:42 +0000
++++ client/mysql.cc	2008-05-01 19:16:09 +0000
+@@ -2636,9 +2636,12 @@
+   {
+     while((field = mysql_fetch_field(result)))
+     {
+-      tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? 
+-					 (field->name[0] ? field->name : 
+-					  " &nbsp; ") : "NULL"));
++      tee_fputs("<TH>", PAGER);
++      if (field->name && field->name[0])
++        xmlencode_print(field->name, field->name_length);
++      else
++        tee_fputs(field->name ? " &nbsp; " : "NULL", PAGER);
++      tee_fputs("</TH>", PAGER);
+     }
+     (void) tee_fputs("</TR>", PAGER);
+   }
+@@ -2651,7 +2654,7 @@
+     for (uint i=0; i < mysql_num_fields(result); i++)
+     {
+       (void) tee_fputs("<TD>", PAGER);
+-      safe_put_field(cur[i],lengths[i]);
++      xmlencode_print(cur[i], lengths[i]);
+       (void) tee_fputs("</TD>", PAGER);
+     }
+     (void) tee_fputs("</TR>", PAGER);
+

More information about the Pkg-mysql-commits mailing list