tags 457446 +patch thanks Patch as received from maintainer.
Thijs
diff -u typo3-src-4.0.2+debian/debian/changelog typo3-src-4.0.2+debian/debian/changelog
--- typo3-src-4.0.2+debian/debian/changelog
+++ typo3-src-4.0.2+debian/debian/changelog
@@ -1,3 +1,10 @@
+typo3-src (4.0.2+debian-4) stable-security; urgency=high
+
+ * Fixed security problem "SQL Injection in system extension indexed_search"
+ (CVE-2007-6381) with patch taken from 4.0.8. (Closes: 457446)
+
+ -- Christian Welzel <[EMAIL PROTECTED]> Sat, 22 Dec 2007 22:30:00 +0100
+
typo3-src (4.0.2+debian-3) testing; urgency=medium
* Fixed security problem "TYPO3 Security Bulletin 20070221-1: Email header
diff -u typo3-src-4.0.2+debian/debian/patches/00list typo3-src-4.0.2+debian/debian/patches/00list
--- typo3-src-4.0.2+debian/debian/patches/00list
+++ typo3-src-4.0.2+debian/debian/patches/00list
@@ -2,0 +3 @@
+03-SecBull-cve-2007-6381
only in patch2:
unchanged:
--- typo3-src-4.0.2+debian.orig/debian/patches/03-SecBull-cve-2007-6381.dpatch
+++ typo3-src-4.0.2+debian/debian/patches/03-SecBull-cve-2007-6381.dpatch
@@ -0,0 +1,32 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+## 02-SecBull-20070221-1.dpatch by Christian Welzel <[EMAIL PROTECTED]>
+##
+## DP: fix for TYPO3 Security Bulletin 20070221-1: Email header injection
+
[EMAIL PROTECTED]@
+
+diff -Naur TYPO3_4-0-7/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php TYPO3_4-0-8/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php
+--- TYPO3_4-0-7/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php 2006-03-22 02:11:50.000000000 +0100
++++ TYPO3_4-0-8/typo3/sysext/indexed_search/modfunc2/class.tx_indexedsearch_modfunc2.php 2007-12-10 19:51:50.000000000 +0100
+@@ -86,10 +86,10 @@
+ * @return string html table with results
+ */
+ function showStats() {
+- global $LANG,$HTTP_GET_VARS,$TYPO3_CONF_VARS;
++ global $LANG, $TYPO3_CONF_VARS;
+
+ $conf['words']=50; // max words in result list
+- $conf['bid']=$HTTP_GET_VARS['id']; // pageid for several statistics
++ $conf['bid'] = intval(t3lib_div::_GET('id')); // pageid for several statistics
+
+ $addwhere1=''; // all records
+ $addwhere2=' AND tstamp > '.(time()-30*24*60*60); // last 30 days
+@@ -123,7 +123,7 @@
+
+ $queryParts['SELECT']= '*, COUNT(*) AS c';
+ $queryParts['FROM']='index_stat_word';
+- $queryParts['WHERE']=sprintf('pageid= %s '.$addwhere, $conf['bid']);
++ $queryParts['WHERE']=sprintf('pageid= %d '.$addwhere, $conf['bid']);
+ $queryParts['GROUPBY']='word';
+ $queryParts['ORDERBY']='c DESC,word';
+ $queryParts['LIMIT']=$conf['words'];
pgp1QkidNN07I.pgp
Description: PGP signature

