[Pkg-mysql-commits] r1593 - in mysql-dfsg-5.0/branches/lenny-proposed/debian: . patches

Norbert Tretkowski nobse at alioth.debian.org
Tue May 12 07:56:39 UTC 2009


Author: nobse
Date: 2009-05-12 07:56:38 +0000 (Tue, 12 May 2009)
New Revision: 1593

Added:
   mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/94_SECURITY_CVE-2008-4456.dpatch
Modified:
   mysql-dfsg-5.0/branches/lenny-proposed/debian/changelog
   mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/00list
Log:
Merge 5.0.51a-24+lenny1

Modified: mysql-dfsg-5.0/branches/lenny-proposed/debian/changelog
===================================================================
--- mysql-dfsg-5.0/branches/lenny-proposed/debian/changelog	2009-05-05 07:01:19 UTC (rev 1592)
+++ mysql-dfsg-5.0/branches/lenny-proposed/debian/changelog	2009-05-12 07:56:38 UTC (rev 1593)
@@ -1,11 +1,23 @@
-mysql-dfsg-5.0 (5.0.51a-24lenny1) stable-proposed-updates; urgency=low
+mysql-dfsg-5.0 (5.0.51a-25) UNRELEASED; urgency=low
 
   * New patch fix-dummy-thread-race-condition.dpatch to back out an
-    unneeded workaround that causes segfaults in libmysqlclient15.   Thanks
-    to Martin Koegler for digging up the patch. (closes: #524366, #513204).
+    unneeded workaround that causes segfaults in libmysqlclient15. Thanks
+    to Martin Koegler for digging up the patch.
+    (closes: #524366, #513204).
 
  -- Sean Finney <seanius at debian.org>  Sat, 18 Apr 2009 08:52:10 +0200
 
+mysql-dfsg-5.0 (5.0.51a-24+lenny1) stable-security; urgency=high
+
+  * Non-maintainer upload by the security team.
+  * SECURITY:
+    Fix for CVE-2008-4456: Escape HTML special characters in mysql
+    commandline client's --html output, to avoid potential cross-site
+    scripting or privilege escalation vulnerabilities if the resulting
+    output is loaded in another scripting context.
+
+ -- Devin Carraway <devin at debian.org>  Sat, 11 Apr 2009 07:45:15 +0000
+
 mysql-dfsg-5.0 (5.0.51a-24) testing-proposed-updates; urgency=low
 
   * Update SSL certificates, and re-enable SSL related tests when running
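
Review bot: The top entry changes from version 5.0.51a-24lenny1 (stable-proposed-updates) to 5.0.51a-25 (UNRELEASED), but the log message only says "Merge 5.0.51a-24+lenny1", so the renumbering is undocumented. Please mention the version and distribution change in the commit log, or split it into its own commit, so the history shows why the entry already present on lenny-proposed was renamed.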

Modified: mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/00list
===================================================================
--- mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/00list	2009-05-05 07:01:19 UTC (rev 1592)
+++ mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/00list	2009-05-12 07:56:38 UTC (rev 1593)
@@ -29,4 +29,5 @@
 91_SECURITY_CVE-2007-5925.dpatch
 92_SECURITY_CVE-2008-4098.dpatch
 93_SECURITY_CVE-2008-3963.dpatch
+94_SECURITY_CVE-2008-4456.dpatch
 fix-dummy-thread-race-condition.dpatch

Added: mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/94_SECURITY_CVE-2008-4456.dpatch
===================================================================
--- mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/94_SECURITY_CVE-2008-4456.dpatch	                        (rev 0)
+++ mysql-dfsg-5.0/branches/lenny-proposed/debian/patches/94_SECURITY_CVE-2008-4456.dpatch	2009-05-12 07:56:38 UTC (rev 1593)
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_SECURITY_CVE-2008-4456.dpatch by Devin Carraway <devin at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Third-party fix for CVE-2008-4456, addressing missing entity encoding
+## of special characters in HTML output, potentially enabling script
+## injection or other HTML tampering.
+
+ at DPATCH@
+diff -aruN mysql-dfsg-5.0-5.0.32.orig/client/mysql.cc mysql-dfsg-5.0-5.0.32.CVE-2008-4456/client/mysql.cc
+--- mysql-dfsg-5.0-5.0.32.orig/client/mysql.cc	2006-12-20 11:14:28.000000000 +0000
++++ mysql-dfsg-5.0-5.0.32.CVE-2008-4456/client/mysql.cc	2009-02-23 07:27:19.000000000 +0000
+@@ -2499,9 +2499,12 @@
+   {
+     while((field = mysql_fetch_field(result)))
+     {
+-      tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? 
+-					 (field->name[0] ? field->name : 
+-					  " &nbsp; ") : "NULL"));
++      tee_fputs("<TH>", PAGER);
++      if (field->name && field->name[0])
++        xmlencode_print(field->name, field->name_length);
++      else
++        tee_fputs(field->name ? " &nbsp; " : "NULL", PAGER);
++      tee_fputs("</TH>", PAGER);
+     }
+     (void) tee_fputs("</TR>", PAGER);
+   }
+@@ -2512,7 +2515,7 @@
+     for (uint i=0; i < mysql_num_fields(result); i++)
+     {
+       (void) tee_fputs("<TD>", PAGER);
+-      safe_put_field(cur[i],lengths[i]);
++      xmlencode_print(cur[i], lengths[i]);
+       (void) tee_fputs("</TD>", PAGER);
+     }
+     (void) tee_fputs("</TR>", PAGER);
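
Review bot: In the <TD> loop of the second inner hunk, xmlencode_print(cur[i], lengths[i]) replaces safe_put_field(cur[i],lengths[i]) with no NULL guard, whereas the <TH> path above tests field->name before encoding. The body of xmlencode_print is not part of this patch, so if cur[i] can be NULL for SQL NULL values, please confirm that the function handles a NULL pointer, or add an explicit check mirroring the header path. Two documentation points on the dpatch header: it names the file 99_SECURITY_CVE-2008-4456.dpatch while the file is added and listed in 00list as 94_SECURITY_CVE-2008-4456.dpatch, and only the first description line carries the "## DP:" prefix, so the two continuation lines fall outside the description as the header comment defines it.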



