Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
Dear Stable Release Managers, This request is about updating buster. Salvatore Bonaccorso on the Security Team suggested me to fix a revealed XSS vulnerability trough the upcoming point release. The issue has got the assigned number CVE-2021-46709. The proposed fix is a trivial one- liner patch casting $_POST['num'] to (int). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium . * Fix CVE-2021-46709, an XSS issue with the num POST parameter
diffstat for phpliteadmin-1.9.7.1 phpliteadmin-1.9.7.1 changelog | 6 ++++++ patches/Fix-post-num-XSS.patch | 16 ++++++++++++++++ patches/series | 1 + 3 files changed, 23 insertions(+) diff -Nru phpliteadmin-1.9.7.1/debian/changelog phpliteadmin-1.9.7.1/debian/changelog --- phpliteadmin-1.9.7.1/debian/changelog 2018-05-17 20:25:20.000000000 +0300 +++ phpliteadmin-1.9.7.1/debian/changelog 2022-03-19 09:37:15.000000000 +0300 @@ -1,3 +1,9 @@ +phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium + + * Fix CVE-2021-46709, an XSS issue with the num POST parameter + + -- Nicholas Guriev <guriev...@ya.ru> Sat, 19 Mar 2022 09:37:15 +0300 + phpliteadmin (1.9.7.1-2) unstable; urgency=medium * Fix CVE-2018-10362 by Fix-authentication-bypass.patch (closes: #896682) diff -Nru phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch --- phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 1970-01-01 03:00:00.000000000 +0300 +++ phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 2022-03-19 09:35:27.000000000 +0300 @@ -0,0 +1,16 @@ +Description: Fix an XSS vulnerability with the num POST parameter + Forcibly cast value to integer. CVE-2021-46709 +Author: Nicholas Guriev <guriev...@ya.ru> +Last-Update: Sat, 19 Mar 2022 09:35:27 +0300 + +--- a/index.php ++++ b/index.php +@@ -2512,7 +2512,7 @@ if(isset($_GET['action']) && !isset($_GE + echo "<form action='?table=".urlencode($target_table)."&action=row_create&confirm=1' method='post'>"; + echo $token_html; + if(isset($_POST['num'])) +- $num = $_POST['num']; ++ $num = (int)$_POST['num']; + else + $num = 1; + echo "<input type='hidden' name='numRows' value='".$num."'/>"; diff -Nru phpliteadmin-1.9.7.1/debian/patches/series phpliteadmin-1.9.7.1/debian/patches/series --- phpliteadmin-1.9.7.1/debian/patches/series 2018-05-17 20:25:20.000000000 +0300 +++ phpliteadmin-1.9.7.1/debian/patches/series 2022-03-19 09:35:27.000000000 +0300 @@ -1,3 +1,4 @@ Remove-spontaneous-access-to-Internet.patch Remove-using-build-date.patch Fix-authentication-bypass.patch +Fix-post-num-XSS.patch
signature.asc
Description: This is a digitally signed message part
