[Pkg-drupal-commits] r2114 - in /branches/lenny-security/debian: changelog patches/00list patches/18_SA-CORE-2009-009.dpatch
luigi at users.alioth.debian.org
luigi at users.alioth.debian.org
Fri Jan 15 02:01:08 UTC 2010
Author: luigi
Date: Fri Jan 15 02:00:59 2010
New Revision: 2114
URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=2114
Log:
Fix XSS issues in Contact and Menu modules (Closes: #562165) (Ref: SA-CORE-2009-009, CVE-2009-4369, CVE-2009-4370, CVE-2009-4371)
Added:
branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch (with props)
Modified:
branches/lenny-security/debian/changelog
branches/lenny-security/debian/patches/00list
Modified: branches/lenny-security/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/changelog?rev=2114&op=diff
==============================================================================
--- branches/lenny-security/debian/changelog (original)
+++ branches/lenny-security/debian/changelog Fri Jan 15 02:00:59 2010
@@ -1,6 +1,11 @@
drupal6 (6.6-3lenny4) UNRELEASED; urgency=low
* NOT RELEASED YET
+
+ [ Luigi Gangitano ]
+ * debian/patches/18_SA-CORE-2009-009
+ - Fix XSS issues in Contact and Menu modules (Closes: #562165)
+ (Ref: SA-CORE-2009-009, CVE-2009-4369, CVE-2009-4370, CVE-2009-4371)
-- Luigi Gangitano <luigi at debian.org> Fri, 15 Jan 2010 00:44:59 +0100
Modified: branches/lenny-security/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/patches/00list?rev=2114&op=diff
==============================================================================
--- branches/lenny-security/debian/patches/00list (original)
+++ branches/lenny-security/debian/patches/00list Fri Jan 15 02:00:59 2010
@@ -5,3 +5,4 @@
15_SA-CORE-2009-006
16_SA-CORE-2009-007
17_SA-CORE-2009-008
+18_SA-CORE-2009-009
Added: branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch?rev=2114&op=file
==============================================================================
--- branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch (added)
+++ branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch Fri Jan 15 02:00:59 2010
@@ -1,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 18_SA-CORE-2009-009.dpatch by Luigi Gangitano <luigi at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix XSS in contact and menu modules
+
+ at DPATCH@
+diff -urNad lenny~/modules/contact/contact.admin.inc lenny/modules/contact/contact.admin.inc
+--- lenny~/modules/contact/contact.admin.inc 2009-08-05 02:51:53.000000000 +0200
++++ lenny/modules/contact/contact.admin.inc 2010-01-15 00:59:19.000000000 +0100
+@@ -13,7 +13,7 @@
+ $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
+ $rows = array();
+ while ($category = db_fetch_object($result)) {
+- $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
++ $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+ }
+ $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
+
+diff -urNad lenny~/modules/menu/menu.admin.inc lenny/modules/menu/menu.admin.inc
+--- lenny~/modules/menu/menu.admin.inc 2009-08-05 02:51:24.000000000 +0200
++++ lenny/modules/menu/menu.admin.inc 2010-01-15 00:59:19.000000000 +0100
+@@ -15,6 +15,7 @@
+ while ($menu = db_fetch_array($result)) {
+ $menu['href'] = 'admin/build/menu-customize/'. $menu['menu_name'];
+ $menu['localized_options'] = array();
++ $menu['description'] = filter_xss_admin($menu['description']);
+ $content[] = $menu;
+ }
+ return theme('admin_block_content', $content);
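Review bot: The log and changelog cite three CVE ids (CVE-2009-4369, CVE-2009-4370, CVE-2009-4371), but this dpatch escapes output in only two places: `check_plain()` on the contact category and recipients cells, and `filter_xss_admin()` on the menu description. If the third id concerns a module other than Contact or Menu, it is not fixed by this patch and the changelog entry overstates coverage, so it is worth checking each id against the advisory before release. The `## DP:` line would also serve later audits better if it named the advisory, e.g. `## DP: Fix XSS in contact and menu modules (SA-CORE-2009-009)`. Both inner hunks begin and end inside their enclosing functions, so any other place these fields are rendered is not visible from here and should be checked separately.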
Propchange: branches/lenny-security/debian/patches/18_SA-CORE-2009-009.dpatch
------------------------------------------------------------------------------
svn:executable = *