Hi Attached is the full nmu patch.
Cheers Steffen
diff -u sork-passwd-h3-3.1/debian/changelog sork-passwd-h3-3.1/debian/changelog --- sork-passwd-h3-3.1/debian/changelog +++ sork-passwd-h3-3.1/debian/changelog @@ -1,3 +1,11 @@ +sork-passwd-h3 (3.1-1.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Fix XSS via the backend parameter (Closes: #536554) + Fixes: CVE-2009-2360 + + -- Steffen Joeris <wh...@debian.org> Sat, 11 Jul 2009 06:02:56 +0000 + sork-passwd-h3 (3.1-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- sork-passwd-h3-3.1.orig/debian/patches/0002-CVE-2009-2360.patch +++ sork-passwd-h3-3.1/debian/patches/0002-CVE-2009-2360.patch @@ -0,0 +1,54 @@ +--- ../old/sork-passwd-h3-3.1/main.php 2009-01-06 15:25:15.000000000 +0000 ++++ sork-passwd-h3-3.1/main.php 2009-07-11 06:00:57.000000000 +0000 +@@ -15,8 +15,20 @@ + require_once PASSWD_BASE . '/lib/base.php'; + require PASSWD_BASE . '/config/backends.php'; + ++// Get the backend details. ++$backend_key = Horde_Util::getFormData('backend', false); ++if (!isset($backends[$backend_key])) { ++ $backend_key = null; ++} ++ ++ ++ + // Use a do-while to allow easy breaking if an error is found. + do { ++ if (!$backend_key) { ++ break; ++ } ++ + // Has the user submitted the form yet? + $submit = Util::getFormData('submit', false); + if (!$submit) { +@@ -24,8 +36,6 @@ + break; + } + +- // Get the backend details. +- $backend_key = Util::getFormData('backend', false); + $driver = $backends[$backend_key]['driver']; + $params = $backends[$backend_key]['params']; + $password_policy = isset($backends[$backend_key]['password policy']) +@@ -242,8 +252,8 @@ + + foreach ($backends as $key => $current_backend) { + $sel = ($key == $backend_key) ? ' selected="selected"' : ''; +- $backends_list .= "<option value=\"$key\"$sel>"; +- $backends_list .= $current_backend['name'] . '</option>'; ++ $backends_list .= '<option value="' . htmlspecialchars($key) . '"' . $sel . '>' . ++ htmlspecialchars($current_backend['name']) . '</option>'; + } + } + +--- ../old/sork-passwd-h3-3.1/templates/main/main.inc 2008-10-09 17:12:25.000000000 +0000 ++++ sork-passwd-h3-3.1/templates/main/main.inc 2009-07-11 06:02:03.000000000 +0000 +@@ -53,7 +53,7 @@ + <form method="post" action="<?php echo Horde::url('main.php', false, -1, true) ?>" name="passwd"> + <?php echo Util::formInput() ?> + <?php if ($conf['backend']['backend_list'] == 'hidden'): ?> +-<input type="hidden" name="backend" value="<?php echo $backend_key ?>" /> ++<input type="hidden" name="backend" value="<?php echo htmlspecialchars($backend_key) ?>" /> + <?php endif; if ($conf['user']['change'] !== true): ?> + <input type="hidden" name="userid" value="<?php echo htmlspecialchars($userid) ?>" /> + <?php endif; ?>
signature.asc
Description: This is a digitally signed message part.