On Mon 19 December 2005 17:02, Pierre Habouzit wrote:
> On Mon 19 December 2005 16:54, Thijs Kinkhorst wrote:
> > On Mon, 2005-12-19 at 16:47 +0100, Pierre Habouzit wrote:
> > > -6 is the package that will fix all that should be, and it'll
> > > enter etch in 10 days from now.
> >
> > Great, my interest is that the problem is addressed in the best way
> > possible :) What about stable, do you want to prepare new updated
> > packages or is the current fix ok?
>
> the current fix has a nasty side effect, it leads to 342544
>
> a solution has to be brewed from the 001_update1.patch (IIRC) that
> performs checks in the regexp.php file IIRC.
>
> I should say I've not the time atm to extract it myself.
>
>
> Though, please note that this XSS vulnerability IS really minor :
> it has to be created from a user that stole a PHPSESSID from you, and made
> a treacherous search, and force the user to use 'last search result'
> *BEFORE* you do a new search yourself, which is *REALLY* unlikely.
> that is not doable for anonymous users.
>
> I'll try to have a minimalist patch ASAP, but stable version is not
> really based on the same code (I mean the version in unstable is
> quite bigger) and I'm not sure a patch is that simple to transpose
> (you must have seen that my patch was quite brutal : I escaped any
> POST-ed or GET-ed variable, which is most of the time OK, but which
> is not really nice nor "the right way" since it results in some
> entities showing up in mails).

In fact, I'm just not sure that stable is concerned, as the 'last search' link does not exist in it as far as I remember.

--
·O·  Pierre Habouzit
··O  [EMAIL PROTECTED]
OOO  http://www.madism.org