[Pkg-sympa-commits] [sympa] 03/05: Update patch for CVE-2015-1306

Emmanuel Bouthenot kolter at moszumanska.debian.org
Mon Feb 9 22:54:59 UTC 2015 

This is an automated email from the git hooks/post-receive script.

kolter pushed a commit to branch debian/squeeze-lts
in repository sympa.

commit e491415563be0c1f28146cac9db1841a03f08a6a
Author: Emmanuel Bouthenot <kolter at openics.org>
Date:   Mon Feb 2 23:02:59 2015 +0000

    Update patch for CVE-2015-1306
---
 ..._interface_vulnerability => 2007_fix_CVE-2015-1306.patch} | 12 +++++++++++-
 debian/patches/series                                        |  2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/debian/patches/2007_fix_web_interface_vulnerability b/debian/patches/2007_fix_CVE-2015-1306.patch
similarity index 52%
rename from debian/patches/2007_fix_web_interface_vulnerability
rename to debian/patches/2007_fix_CVE-2015-1306.patch
index 9727c25..9df93c9 100644
--- a/debian/patches/2007_fix_web_interface_vulnerability
+++ b/debian/patches/2007_fix_CVE-2015-1306.patch
@@ -1,6 +1,16 @@
+Description: Fix a vulnerability (CVE-2015-1306) in the
+ web interface (wwsympa) which allows one to send himself
+ by email any readable file by the sympa user on the
+ filesystem
+Author: David Verdin <david.verdin at renater.fr>
+Origin: upstream, https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.1-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=11562&r2=11778&view=patch
+Applied-Upstream: 6.1.24
+Last-Update: 2015-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 --- a/wwsympa/wwsympa.fcgi.in
 +++ b/wwsympa/wwsympa.fcgi.in
-@@ -15146,9 +15146,14 @@
+@@ -15150,9 +15150,14 @@
  	 $pages_url = $in{'url'};
  
  	 # parse return the MIME::Lite part to send 
diff --git a/debian/patches/series b/debian/patches/series
index 1475d37..30626c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,4 +14,4 @@
 1010_sqlite_upgrade.patch
 2005_disable_build_non_dfsg_po_files.patch
 2006_fix_CVE-2012-2352.patch
-2007_fix_web_interface_vulnerability
+2007_fix_CVE-2015-1306.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/sympa.git

More information about the Pkg-sympa-commits mailing list