[Pkg-sympa-commits] [SCM] sympa Debian packaging branch, master, updated. debian/6.1.11_dfsg-1-2-g2436b42
Emmanuel Bouthenot
kolter at openics.org
Sun May 20 12:49:31 UTC 2012
The following commit has been merged in the master branch:
commit c88e49874b20021e2be4d20aaed63d3366c57b43
Author: Emmanuel Bouthenot <kolter at openics.org>
Date: Sun May 20 12:31:47 2012 +0000
Properly fix CVE-2012-2352
diff --git a/debian/patches/2007_fix_CVE-2012-2352.patch b/debian/patches/2007_fix_CVE-2012-2352.patch
new file mode 100644
index 0000000..f9e431a
--- /dev/null
+++ b/debian/patches/2007_fix_CVE-2012-2352.patch
@@ -0,0 +1,32 @@
+Description: Properly fix CVE-2012-2352
+Author: Emmanuel Bouthenot <kolter at debian.org>
+Bug-Debian: http://bugs.debian.org/672893
+Last-Update: 2012-05-20
+--- a/wwsympa/wwsympa.fcgi.in
++++ b/wwsympa/wwsympa.fcgi.in
+@@ -573,7 +573,9 @@
+ ## Defines the required privileges to access privileged actions
+ ## You can define a set ofequiivalent privileges in the ARRAYREF
+ my %required_privileges = ('admin' => ['owner','editor'],
++ 'arc_delete' => ['owner'],
+ 'arc_download' => ['owner'],
++ 'arc_manage' => ['owner'],
+ 'blacklist' => ['owner','editor'],
+ 'close_list' => ['privileged_owner'],
+ 'close_list_request' => ['privileged_owner'],
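Review bot: the new 'arc_delete' and 'arc_manage' entries in %required_privileges cover these two actions only, and the patch Description does not say what was wrong before. If an action missing from this table is served without a privilege check, as the need for this fix implies, the table fails open for every privileged action nobody remembered to list. Suggest stating in the Description that the two archive actions previously had no required privilege, and in a follow-up either auditing the remaining actions against the table or making an unlisted action deny by default.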
+@@ -2240,6 +2242,7 @@
+ &wwslog('info',"missing parameter '$arg_name'");
+ &web_db_log({'status' => 'error',
+ 'error_type' => 'missing_parameter'});
++ delete $param->{'list'};
+ return undef;
+ }
+ }
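Review bot: the added delete $param->{'list'}; in the missing-parameter branch has no comment saying why the list must be dropped from $param before return undef. The reason is not evident from the surrounding lines, so a later cleanup could remove it as dead code. Suggest a one-line comment above it stating what the caller would otherwise do with $param->{'list'} after a failed check.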
+@@ -2261,6 +2264,7 @@
+ &wwslog('info','authorization failed, insufficient privileges');
+ &web_db_log({'status' => 'error',
+ 'error_type' => 'authorization'});
++ delete $param->{'list'};
+ return undef;
+ }
+ }
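Review bot: delete $param->{'list'}; in the authorization-failure branch is a copy of the line added in the missing-parameter branch, so every failure exit has to remember it by hand. Suggest clearing $param->{'list'} at a single exit point or in a small helper shared by both branches, and confirming that any other return undef in this function that is not shown in the hunk gets the same treatment.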
diff --git a/debian/patches/series b/debian/patches/series
index 54692bf..7e00a1e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@
2005_disable_build_non_dfsg_po_files.patch
#2991_sanitize_make_all.patch
2006_disable_cssupdated_email_on_update.patch
+2007_fix_CVE-2012-2352.patch
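Review bot: no debian/changelog entry accompanies the new series line 2007_fix_CVE-2012-2352.patch; the commit as shown touches only debian/patches. Since the patch header references Bug-Debian 672893, suggest adding the changelog line with the matching Closes: reference in the same commit so the fix and the bug closure stay together.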
--
sympa Debian packaging