[DRE-commits] [SCM] ruby-actionpack-3.2.git branch, master, updated. debian/3.2.6-5-3-gd0aa6fa
Ondřej Surý
ondrej at sury.org
Tue Mar 19 08:57:28 UTC 2013
The following commit has been merged in the master branch:
commit ba704a9f80a0cb035feacc95200731f8c1129f63
Author: Ondřej Surý <ondrej at sury.org>
Date: Tue Mar 19 09:43:06 2013 +0100
[CVE-2013-1855]: Fix XSS vulnerability in sanitize_css in Action Pack
diff --git a/debian/patches/CVE-2013-1855.patch b/debian/patches/CVE-2013-1855.patch
new file mode 100644
index 0000000..7b2c7f9
--- /dev/null
+++ b/debian/patches/CVE-2013-1855.patch
@@ -0,0 +1,22 @@
+--- a/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
++++ b/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
+@@ -110,8 +110,8 @@ module HTML
+ style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
+
+ # gauntlet
+- if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
+- style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
++ if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
++ style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
+ return ''
+ end
+
+@@ -122,7 +122,7 @@ module HTML
+ elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
+ unless val.split().any? do |keyword|
+ !allowed_css_keywords.include?(keyword) &&
+- keyword !~ /^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/
++ keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
+ end
+ clean << prop + ': ' + val + ';'
+ end
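Review bot: The new patch file starts directly with the `---`/`+++` headers on its first two lines and carries no DEP-3 header, so the CVE number, the upstream origin and the forwarding status are recorded only in the commit message, not in the patch that ships inside the package. I would prepend `Description: Fix XSS vulnerability in sanitize_css (CVE-2013-1855)` and `Origin: upstream, <UPSTREAM-COMMIT-ID>` (plus `Forwarded: not-needed`), separated from the diff by a blank line. On the new side the second gauntlet keeps `(;|$)` inside the now `\A…\z`-anchored regex; as far as I can tell that is intentional, since it still lets a line break terminate a declaration while the first gauntlet, which must match the whole string, keeps any text after the break inside the character allowlist, so a short comment such as `# inner $ is bounded: the whole string is also checked by the \A...\z gauntlet above` would stop a later maintainer from "tightening" it and rejecting newline-separated declarations. The enclosing method (sanitize_css, per the commit message) starts and ends outside the hunk.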
diff --git a/debian/patches/series b/debian/patches/series
index e867028..e19f070 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ CVE-2012-3424.patch
CVE-2012-3463.patch
CVE-2012-3465.patch
CVE-2013-0155.patch
+CVE-2013-1855.patch