Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id
<540de30a27d37c3ff416b94b1adf7ff2a2cab257.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #1007948,
regarding buster-pu: package phpliteadmin/1.9.7.1-2+deb10u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1007948: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007948
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
Dear Stable Release Managers,
This request is about updating buster.
Salvatore Bonaccorso on the Security Team suggested me to fix a revealed
XSS vulnerability trough the upcoming point release. The issue has got
the assigned number CVE-2021-46709. The proposed fix is a trivial one-
liner patch casting $_POST['num'] to (int).
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium
.
* Fix CVE-2021-46709, an XSS issue with the num POST parameter
diffstat for phpliteadmin-1.9.7.1 phpliteadmin-1.9.7.1
changelog | 6 ++++++
patches/Fix-post-num-XSS.patch | 16 ++++++++++++++++
patches/series | 1 +
3 files changed, 23 insertions(+)
diff -Nru phpliteadmin-1.9.7.1/debian/changelog
phpliteadmin-1.9.7.1/debian/changelog
--- phpliteadmin-1.9.7.1/debian/changelog 2018-05-17 20:25:20.000000000
+0300
+++ phpliteadmin-1.9.7.1/debian/changelog 2022-03-19 09:37:15.000000000
+0300
@@ -1,3 +1,9 @@
+phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium
+
+ * Fix CVE-2021-46709, an XSS issue with the num POST parameter
+
+ -- Nicholas Guriev <guriev...@ya.ru> Sat, 19 Mar 2022 09:37:15 +0300
+
phpliteadmin (1.9.7.1-2) unstable; urgency=medium
* Fix CVE-2018-10362 by Fix-authentication-bypass.patch (closes: #896682)
diff -Nru phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch
phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch
--- phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 1970-01-01
03:00:00.000000000 +0300
+++ phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 2022-03-19
09:35:27.000000000 +0300
@@ -0,0 +1,16 @@
+Description: Fix an XSS vulnerability with the num POST parameter
+ Forcibly cast value to integer. CVE-2021-46709
+Author: Nicholas Guriev <guriev...@ya.ru>
+Last-Update: Sat, 19 Mar 2022 09:35:27 +0300
+
+--- a/index.php
++++ b/index.php
+@@ -2512,7 +2512,7 @@ if(isset($_GET['action']) && !isset($_GE
+ echo "<form
action='?table=".urlencode($target_table)."&action=row_create&confirm=1'
method='post'>";
+ echo $token_html;
+ if(isset($_POST['num']))
+- $num = $_POST['num'];
++ $num = (int)$_POST['num'];
+ else
+ $num = 1;
+ echo "<input type='hidden' name='numRows'
value='".$num."'/>";
diff -Nru phpliteadmin-1.9.7.1/debian/patches/series
phpliteadmin-1.9.7.1/debian/patches/series
--- phpliteadmin-1.9.7.1/debian/patches/series 2018-05-17 20:25:20.000000000
+0300
+++ phpliteadmin-1.9.7.1/debian/patches/series 2022-03-19 09:35:27.000000000
+0300
@@ -1,3 +1,4 @@
Remove-spontaneous-access-to-Internet.patch
Remove-using-build-date.patch
Fix-authentication-bypass.patch
+Fix-post-num-XSS.patch
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.12
Hi,
The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.
Regards,
Adam
--- End Message ---
