[Spip-maintainers] [rt.debian.org #3837] SPIP stable update (fixes #680118)

David Prévot taffit at debian.org
Tue Jul 3 19:26:27 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

As noted in #680118, I just updated the proposed security upload [0].

     0: http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc

Here is an attempt at a DSA text:

- ----------------%<--------------------------------%<----------------

Package        : spip
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : not available yet

Four cross-site scripting vulnerabilities and a PHP injection vulnerability
have been found in SPIP, a website engine for publishing.

For the stable distribution (squeeze), these problems have been fixed in
version 2.1.1-3squeeze4.

For the unstable distribution (sid), these problems will be fixed soon.

- ---------------->%-------------------------------->%----------------

The fixed version for Sid and Wheezy could be 2.1.16-1 or 2.1.15-2 if
the RT disagrees with the pair of tiny bugfixes also backported to the
2.1 branch with the new upstream version. Upstream is currently fixing
the 2.1.16 “zip” tarball: I'll send the debdiff to the RT ASAP.

The only difference since the previously proposed version is in the
security screen. Besides the edited comments, the actual change is:

> /*
>  * Injection via connect
>  */
> if (isset($_REQUEST['connect'])
> 	AND
> 	// cases that allow breaking out of a PHP comment
> 	(strpos($_REQUEST['connect'], "?".">")!==false
> 	 OR strpos($_REQUEST['connect'], "\n")!==false
> 	 OR strpos($_REQUEST['connect'], "\r")!==false)
> 	) {
> 	$_REQUEST['connect'] = str_replace(array("?".">", "\r", "\n"), "", $_REQUEST['connect']);
> 	if (isset($_GET['connect'])) $_GET['connect'] = $_REQUEST['connect'];
> 	if (isset($_POST['connect'])) $_POST['connect'] = $_REQUEST['connect'];
> }

Regards

David


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJP80dgAAoJELgqIXr9/gnyciEP/2GeNmKWJwL5rzjMpDyYSVBC
9K/R16yT8rK7OC8RLbsgUQwNkjkve8/KVoPHOk8SMqqBYhv9SGhKIqvvZpBL51t9
O0WD7wYfhzjhmbLKuWKPqZGX0FJBMf3DE6Jf8y0TVIgH3d3PsCUVKL7Jt79Q+OkX
ZxrzN/hiWVkzEOlorgcb56UQ3qm+DHVkeh3NZBh9cX+VgL9z3Qm5KFnBUIk+9KUg
tpEkvJYevvoFf9YpES42Kz6qlVqbAxhT54I8z7Y3UUgQ36KC33TNfX0ILVCZ06gQ
Tt7u2t/uaCVozf2FJ307XJiSEUbFKFfJ2IHzVACNbCFJnYa6bvnxOk06Y9jb1I1Q
RoLo/Vh78cwhipR9EBaKi0xRK6beMo9SNrUkEfr3ulRv5Kg2KuPQm3aq3yoslk9t
rcg5BrtFoQD+Ouv9hkZ+HWszy52YsI9eDg8c40s+RP7LcnefdC2rpK5iudSljHfU
pJY5mh5S1jroqtbKDeq2BY1LS96FPuDynC7VPqZQ3DTXRMTUC0B77Nt0RhTKr16E
sZmZPVnMBhPBoco2077lp3Jc4LGcdiDKT4+NXEfKoLgErR5/K5KbREdCJ3PP+Ztt
xTwivIMk5vvbeAqTrHZah1bhMxZAvlHSQ3bpQ9bvS6rsyzJ43Jp9XziN8PieEDIw
KfUydW+qDpaH374w2WrE
=6GpT
-----END PGP SIGNATURE-----
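The change quoted in the message above removes three byte sequences from the `connect` parameter. The PHP below is an added example, not SPIP's code and not the author's: it shows why exactly `?>`, `\r` and `\n` matter for a value that ends up inside a `//` comment of a generated PHP file, runs the filter as quoted, and adds a variant that repeats the replacement until the value stops changing, because a single `str_replace()` pass turns a nested `??>>` into a surviving `?>`. The sink in `embed_in_comment()` is a hypothetical model of such an interpolation and is not SPIP's actual code; the function names and sample inputs are constructed for this example.

```php
<?php
// Added example, not SPIP code and not code from the message above.
// It models why "?>", "\r" and "\n" are the sequences the quoted filter
// removes, runs that filter as quoted, and shows a stricter variant.
// embed_in_comment() is a HYPOTHETICAL model of a value interpolated into
// a generated PHP file; SPIP's real sink is not shown here.

declare(strict_types=1);

// Hypothetical sink: the request value lands inside a "//" comment of a
// generated PHP file. A "//" comment ends at the next line break and also
// at "?>", which leaves PHP mode; either lets the rest of the value out.
function embed_in_comment(string $connect): string
{
    return "<?php\n// connect: " . $connect . "\n\$x = 1;\n";
}

// The filter as quoted from the updated security screen, written as a
// pure function on the value instead of on $_REQUEST/$_GET/$_POST.
function filter_connect_quoted(string $connect): string
{
    if (strpos($connect, "?" . ">") !== false
        || strpos($connect, "\n") !== false
        || strpos($connect, "\r") !== false
    ) {
        $connect = str_replace(array("?" . ">", "\r", "\n"), "", $connect);
    }
    return $connect;
}

// str_replace() makes one pass per search string, so "?" . "?>" . ">"
// loses only its inner "?>" and is left as a fresh "?>". Repeating until
// the value stops changing removes every layer; rejecting the request
// outright is the other reasonable choice.
function filter_connect_stable(string $connect): string
{
    do {
        $before  = $connect;
        $connect = str_replace(array("?" . ">", "\r", "\n"), "", $connect);
    } while ($connect !== $before);
    return $connect;
}

// Token types of a PHP source, so two generated files can be compared
// structurally rather than textually.
function token_types(string $source): array
{
    $types = [];
    foreach (token_get_all($source) as $token) {
        $types[] = is_array($token) ? token_name($token[0]) : $token;
    }
    return $types;
}

// True when PHP sees anything in the generated file beyond what the
// template produces for a harmless value: extra tokens mean the value
// broke out of the comment.
function escapes_comment(string $connect): bool
{
    return token_types(embed_in_comment($connect))
        !== token_types(embed_in_comment("harmless"));
}

// Constructed inputs: a plain value, a newline break-out, a "?>" break-out,
// and a nested "?>" that the single-pass filter leaves intact.
$inputs = [
    'plain'     => "article",
    'newline'   => "article\necho 'injected';",
    'close-tag' => "article ?" . "> <?php echo 'injected';",
    'nested'    => "article ?" . "?" . ">" . "> <?php echo 'injected';",
];

foreach ($inputs as $label => $raw) {
    printf(
        "%-10s raw:%s  quoted-filter:%s  stable-filter:%s\n",
        $label,
        escapes_comment($raw) ? 'ESCAPES' : 'ok',
        escapes_comment(filter_connect_quoted($raw)) ? 'ESCAPES' : 'ok',
        escapes_comment(filter_connect_stable($raw)) ? 'ESCAPES' : 'ok'
    );
}
```

Run it with the `php` command-line binary. The `newline` and `close-tag` rows break out raw and are neutralized by both filters; the `nested` row still breaks out after the quoted one-pass filter and is neutralized only by the repeated one. Whether a nested `?>` reaches anything in SPIP depends on where `connect` is consumed, which this message does not show; the point here is only that a one-pass `str_replace()` leaves one layer behind, and that checking the tokens of the generated file is a cheap way to verify a sanitizer against a sink of this shape.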
