[Pkg-drupal-commits] r2114 - in /branches/lenny-security/debian: changelog patches/00list patches/18_SA-CORE-2009-009.dpatch

luigi at users.alioth.debian.org luigi at users.alioth.debian.org
Fri Jan 15 02:01:08 UTC 2010


Author: luigi
Date: Fri Jan 15 02:00:59 2010
New Revision: 2114

URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=2114
Log:
Fix XSS issues in Contact and Menu modules (Closes: #562165) (Ref: SA-CORE-2009-009, CVE-2009-4369, CVE-2009-4370, CVE-2009-4371)

Added:
    branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch   (with props)
Modified:
    branches/lenny-security/debian/changelog
    branches/lenny-security/debian/patches/00list

Modified: branches/lenny-security/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/changelog?rev=2114&op=diff
==============================================================================
--- branches/lenny-security/debian/changelog (original)
+++ branches/lenny-security/debian/changelog Fri Jan 15 02:00:59 2010
@@ -1,6 +1,11 @@
 drupal6 (6.6-3lenny4) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
+
+  [ Luigi Gangitano ]  
+  * debian/patches/18_SA-CORE-2009-009
+    - Fix XSS issues in Contact and Menu modules (Closes: #562165)
+      (Ref: SA-CORE-2009-009, CVE-2009-4369, CVE-2009-4370, CVE-2009-4371)
 
  -- Luigi Gangitano <luigi at debian.org>  Fri, 15 Jan 2010 00:44:59 +0100
 

Modified: branches/lenny-security/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/patches/00list?rev=2114&op=diff
==============================================================================
--- branches/lenny-security/debian/patches/00list (original)
+++ branches/lenny-security/debian/patches/00list Fri Jan 15 02:00:59 2010
@@ -5,3 +5,4 @@
 15_SA-CORE-2009-006
 16_SA-CORE-2009-007
 17_SA-CORE-2009-008
+18_SA-CORE-2009-009

Added: branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch?rev=2114&op=file
==============================================================================
--- branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch (added)
+++ branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch Fri Jan 15 02:00:59 2010
@@ -1,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 18_SA-CORE-2009-009.dpatch by Luigi Gangitano <luigi at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix XSS in contact and menu modules
+
+ at DPATCH@
+diff -urNad lenny~/modules/contact/contact.admin.inc lenny/modules/contact/contact.admin.inc
+--- lenny~/modules/contact/contact.admin.inc	2009-08-05 02:51:53.000000000 +0200
++++ lenny/modules/contact/contact.admin.inc	2010-01-15 00:59:19.000000000 +0100
+@@ -13,7 +13,7 @@
+   $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
+   $rows = array();
+   while ($category = db_fetch_object($result)) {
+-    $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
++    $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+   }
+   $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
+ 
+diff -urNad lenny~/modules/menu/menu.admin.inc lenny/modules/menu/menu.admin.inc
+--- lenny~/modules/menu/menu.admin.inc	2009-08-05 02:51:24.000000000 +0200
++++ lenny/modules/menu/menu.admin.inc	2010-01-15 00:59:19.000000000 +0100
+@@ -15,6 +15,7 @@
+   while ($menu = db_fetch_array($result)) {
+     $menu['href'] = 'admin/build/menu-customize/'. $menu['menu_name'];
+     $menu['localized_options'] = array();
++    $menu['description'] = filter_xss_admin($menu['description']);
+     $content[] = $menu;
+   }
+   return theme('admin_block_content', $content);
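Review bot: In the menu.admin.inc change the description is passed through `filter_xss_admin()`, a permissive filter that drops script-capable markup but keeps ordinary HTML tags, whereas the contact fields in the same patch are fully escaped with `check_plain()`. If menu descriptions are meant to be plain text, `$menu['description'] = check_plain($menu['description']);` would be the tighter choice; if markup is intended, a comment such as `// Description may hold admin-entered markup: filter it rather than escape it.` would record why the two fields are treated differently. Both fixes encode at a single render site, and the enclosing functions start and end outside the embedded hunks, so other pages that print the same stored values cannot be checked from here. The log cites three CVE ids while the embedded diff changes two files, so a `## DP:` line saying which id each change addresses would help anyone auditing the upload.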

Propchange: branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch
------------------------------------------------------------------------------
    svn:executable = *



