[Pkg-sympa-commits] [sympa] 05/12: Remove patch for CVE-2015-1306

Emmanuel Bouthenot kolter at moszumanska.debian.org
Fri Jul 31 05:18:12 UTC 2015


This is an automated email from the git hooks/post-receive script.

kolter pushed a commit to branch master
in repository sympa.

commit 0e03cf45c4b8fa0ffdb9988b201cefcf351be242
Author: Emmanuel Bouthenot <kolter at openics.org>
Date:   Mon Feb 2 18:06:21 2015 +0100

    Remove patch for CVE-2015-1306
---
 .../patches/0001_fix_web_interface_vulnerability   | 29 ----------------------
 debian/patches/series                              |  1 -
 2 files changed, 30 deletions(-)

diff --git a/debian/patches/0001_fix_web_interface_vulnerability b/debian/patches/0001_fix_web_interface_vulnerability
deleted file mode 100644
index b07c6a2..0000000
--- a/debian/patches/0001_fix_web_interface_vulnerability
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: Fix a vulnerability in the web interface (wwsympa)
- which allows one to send himself by email any readable file by the
- sympa user on the filesystem
-Author: David Verdin <david.verdin at renater.fr>
-Origin: upstream, https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.1-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=11562&r2=11778&view=patch
-Applied-Upstream: 6.1.24
-Last-Update: 2015-01-16
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/wwsympa/wwsympa.fcgi.in
-+++ b/wwsympa/wwsympa.fcgi.in
-@@ -15758,9 +15758,14 @@
- 	 $pages_url = $in{'url'};
- 	 
- 	 # parse return the MIME::Lite part to send 
--	 my $MIMEmail = $mailHTML->parse($pages_url); 
--
--	 $in{'body'} = $MIMEmail->as_string;
-+         $mailHTML->{_AGENT}->protocols_allowed(['http', 'https', 'ftp', 'nntp']);
-+         my $MIMEmail = eval { $mailHTML->parse($pages_url) };
-+         if ($MIMEmail) {
-+             $in{'body'} = $MIMEmail->as_string;
-+         } else {
-+             report::reject_report_web('user', 'wrong_value', {'argument' => 'url'}, $param->{'action'});
-+             return undef;
-+         }
- 	 
-      }else{
- 	 
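Review bot: The commit message gives no reason for dropping the CVE-2015-1306 fix, and the only justification visible is the "Applied-Upstream: 6.1.24" line in the deleted patch header. State in the commit message which upstream version the package now carries, and confirm it is 6.1.24 or later. Before merging, check that the packaged wwsympa/wwsympa.fcgi.in still contains the protocols_allowed(['http', 'https', 'ftp', 'nntp']) restriction and the eval-guarded $mailHTML->parse($pages_url) with its reject_report_web fallback. Without both, the 'url' parameter can again be used to mail out any file readable by the sympa user.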
diff --git a/debian/patches/series b/debian/patches/series
index f9e0a90..0828c04 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
-0001_fix_web_interface_vulnerability
 1002_mysql_default_charset_engine.patch
 1004_wizard_support_batch_and_display_mode.patch
 1005_wizard_emit_cmd_and_newline_when_dying.patch
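Review bot: The removal of the 0001_fix_web_interface_vulnerability entry at the top of series has no matching debian/changelog change in this commit; the diffstat lists only the patch file and series. If the changelog is not updated elsewhere in this push, add an entry saying that the CVE-2015-1306 patch was dropped and why, so the fix status of the package stays traceable from the changelog.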

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/sympa.git


