[pkg-horde] following security issues

Gregory Colpart reg at evolix.fr
Sun Sep 23 17:58:15 UTC 2007


On Fri, Sep 14, 2007 at 02:04:24AM +0200, Gregory Colpart wrote:
> for horde3 and imp4 packages:
> http://security-tracker.debian.net/tracker/source-package/horde3
> http://security-tracker.debian.net/tracker/source-package/imp4
> 
> Little summary:
> ===============
> 
> * For Sid, no security bug (all packages are up-to-date).
> * For Etch, I wait response from security team about #434045 since july.
>   We must verify CVE-2007-1515 for imp4.

I verified, and etch is not vulnerable (bug #415117).
I will add the CVE to its changelog.

But while looking at the changes from IMP 4.1.3 to 4.1.4, I saw
other changes which could be security-related. I attach a patch.
Comments welcome.


Regards,
-- 
Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
-------------- next part --------------
diff -ru imp4-4.1.3.ori/lib/MIME/Viewer/itip.php imp4-4.1.3/lib/MIME/Viewer/itip.php
--- imp4-4.1.3.ori/lib/MIME/Viewer/itip.php	2007-09-23 15:38:19.000000000 +0200
+++ imp4-4.1.3/lib/MIME/Viewer/itip.php	2007-09-23 15:48:07.000000000 +0200
@@ -623,9 +623,9 @@
 
         $summary = $vevent->getAttribute('SUMMARY');
         if (is_a($summary, 'PEAR_Error')) {
-            $desc = sprintf($desc, $sender, _("Unknown Meeting"));
+            $desc = sprintf($desc, htmlspecialchars($sender), _("Unknown Meeting"));
         } else {
-            $desc = sprintf($desc, $sender, $summary);
+            $desc = sprintf($desc, htmlspecialchars($sender), htmlspecialchars($summary));
         }
 
         $html .= '<h2 class="header">' . $desc . '</h2>';
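Review bot: The two escaped `sprintf()` arguments carry no comment saying why they are escaped while `$desc` itself is not, and that distinction is what a later edit is most likely to break. `$summary` is read from the event with `$vevent->getAttribute('SUMMARY')` and `$desc` is concatenated straight into `$html`, so a short comment above the `if` would help, e.g. `// $sender and $summary come from the message's iTip data: escape them here, $desc is emitted as markup.` `$sender` is assigned outside the hunk, so its origin is inferred rather than visible. The enclosing function starts and ends outside the hunk, so any other event attributes appended to `$html` cannot be checked from here and deserve the same look.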
diff -ru imp4-4.1.3.ori/templates/pgp/import_key.inc imp4-4.1.3/templates/pgp/import_key.inc
--- imp4-4.1.3.ori/templates/pgp/import_key.inc	2007-09-23 15:38:17.000000000 +0200
+++ imp4-4.1.3/templates/pgp/import_key.inc	2007-09-23 16:04:22.000000000 +0200
@@ -20,7 +20,7 @@
 <?php if ($GLOBALS['browser']->hasQuirk('broken_multipart_form')): ?>
 <input type="hidden" name="msie_formdata_is_broken" value="" />
 <?php endif; ?>
-<input type="hidden" name="reload" value="<?php echo Util::getFormData('reload') ?>" />
+<input type="hidden" name="reload" value="<?php echo htmlspecialchars(html_entity_decode(Util::getFormData('reload'))) ?>" />
 <input type="hidden" name="actionID" value="<?php echo $target ?>" />
 <?php Util::pformInput(); ?>
 
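Review bot: The decode-then-encode on the `reload` value has no comment explaining why `html_entity_decode()` is needed, so a reader may take it for a mistake and drop one half. Presumably the value can arrive already entity-encoded and the decode keeps it from being escaped twice; if so, state it next to the field, e.g. `<?php /* reload may arrive entity-encoded: decode, then escape once for the attribute */ ?>`. The outer `htmlspecialchars()` is the call that matters for safety and has to stay outermost. With its default flags it leaves single quotes alone, which is fine only while the attribute stays double-quoted. The same applies to the `reload` lines in templates/pgp/passphrase.inc, templates/smime/import_key.inc and templates/smime/passphrase.inc.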
diff -ru imp4-4.1.3.ori/templates/pgp/passphrase.inc imp4-4.1.3/templates/pgp/passphrase.inc
--- imp4-4.1.3.ori/templates/pgp/passphrase.inc	2007-09-23 15:38:17.000000000 +0200
+++ imp4-4.1.3/templates/pgp/passphrase.inc	2007-09-23 16:05:29.000000000 +0200
@@ -1,7 +1,7 @@
 <?php if (!is_a($secure_check, 'PEAR_Error')): ?>
 <form method="post" name="passphrase_dialog" action="<?php echo $submit_url ?>">
 <?php if (($reload = Util::getFormData('reload'))): ?>
-<input type="hidden" name="reload" value="<?php echo $reload ?>" />
+<input type="hidden" name="reload" value="<?php echo htmlspecialchars(html_entity_decode($reload)) ?>" />
 <?php endif; ?>
 <?php if (($action = Util::getFormData('passphrase_action'))): ?>
 <input type="hidden" name="passphrase_action" value="<?php echo $action ?>" />
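Review bot: `passphrase_action` is read with `Util::getFormData()` and echoed raw into a `value` attribute on the last line of this hunk, so the unescaped request-data output that the patch fixes for `reload` remains for that field. It should be escaped the same way: `value="<?php echo htmlspecialchars($action) ?>"`. templates/smime/passphrase.inc has the identical line in its hunk. `$submit_url` in the form's `action` attribute is also printed unescaped, but it is set outside the hunk, so whether it needs escaping cannot be told from here. The `if` block for `$action` closes outside the hunk.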
diff -ru imp4-4.1.3.ori/templates/smime/import_key.inc imp4-4.1.3/templates/smime/import_key.inc
--- imp4-4.1.3.ori/templates/smime/import_key.inc	2007-09-23 15:38:17.000000000 +0200
+++ imp4-4.1.3/templates/smime/import_key.inc	2007-09-23 16:24:56.000000000 +0200
@@ -15,7 +15,7 @@
 <?php if ($GLOBALS['browser']->hasQuirk('broken_multipart_form')): ?>
 <input type="hidden" name="msie_formdata_is_broken" value="" />
 <?php endif; ?>
-<input type="hidden" name="reload" value="<?php echo Util::getFormData('reload'); ?>" />
+<input type="hidden" name="reload" value="<?php echo htmlspecialchars(html_entity_decode(Util::getFormData('reload'))); ?>" />
 <input type="hidden" name="actionID" value="<?php echo $target ?>" />
 <?php Util::pformInput(); ?>
 
diff -ru imp4-4.1.3.ori/templates/smime/passphrase.inc imp4-4.1.3/templates/smime/passphrase.inc
--- imp4-4.1.3.ori/templates/smime/passphrase.inc	2007-09-23 15:38:17.000000000 +0200
+++ imp4-4.1.3/templates/smime/passphrase.inc	2007-09-23 16:28:04.000000000 +0200
@@ -1,7 +1,7 @@
 <?php if (!is_a($secure_check, 'PEAR_Error')): ?>
 <form method="post" name="passphrase_dialog" action="<?php echo $submit_url ?>">
 <?php if (($reload = Util::getFormData('reload'))): ?>
-<input type="hidden" name="reload" value="<?php echo $reload ?>" />
+<input type="hidden" name="reload" value="<?php echo htmlspecialchars(html_entity_decode($reload)) ?>" />
 <?php endif; ?>
 <?php if (($action = Util::getFormData('passphrase_action'))): ?>
 <input type="hidden" name="passphrase_action" value="<?php echo $action ?>" />

