[Spip-maintainers] [rt.debian.org #3837] SPIP stable update (fixes #680118)
David Prévot
taffit at debian.org
Tue Jul 3 19:26:27 UTC 2012
Hi,
As noted in #680118, I just updated the proposed security upload [0].
0: http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc
Here is an attempt at a DSA text:
----------------%<--------------------------------%<----------------
Package : spip
Vulnerability : cross-site scripting
Problem type : remote
Debian-specific: no
CVE ID : not available yet
Four cross-site scripting vulnerabilities and a PHP injection vulnerability
have been found in SPIP, a website engine for publishing.
For the stable distribution (squeeze), this problem has been fixed in
version 2.1.1-3squeeze4.
For the unstable distribution (sid), this problem will be fixed soon.
---------------->%-------------------------------->%----------------
The fixed version for Sid and Wheezy could be 2.1.16-1 or 2.1.15-2 if
the RT disagrees with the pair of tiny bugfixes also backported to the
2.1 branch with the new upstream version. Upstream is currently fixing
the 2.1.16 “zip” tarball: I'll send the debdiff to the RT ASAP.
The only difference since the previously proposed version is in the
security screen. Besides the edited comments, the actual change is:
> /*
>  * Injection via connect
>  */
> if (isset($_REQUEST['connect'])
>     AND
>     // cases that allow breaking out of a PHP comment
>     (strpos($_REQUEST['connect'], "?".">")!==false
>     OR strpos($_REQUEST['connect'], "\n")!==false
>     OR strpos($_REQUEST['connect'], "\r")!==false)
> ) {
>     $_REQUEST['connect'] = str_replace(array("?".">", "\r", "\n"), "", $_REQUEST['connect']);
>     if (isset($_GET['connect'])) $_GET['connect'] = $_REQUEST['connect'];
>     if (isset($_POST['connect'])) $_POST['connect'] = $_REQUEST['connect'];
> }
Regards
David
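The screen quoted above strips the three byte sequences that would let a `connect` value break out of a PHP comment: the close tag (written as `"?".">"` so the screen's own source never contains a literal close tag) and both line terminators. The following is an added example, not code from SPIP or from the Debian upload, that restates that filter as standalone functions so it can be exercised outside SPIP. All function and variable names here are hypothetical, and the sample request is constructed. One caveat the example handles: `str_replace()` walks its search array left to right over the already-modified string, so a single pass can leave a removed sequence reassembled from the characters around it; the filter therefore repeats until the value stops changing, and a separate predicate checks the post-condition.

```php
<?php
// Added example (not SPIP's or Debian's code): the `connect` normalisation of
// the quoted security screen as standalone functions, with a fixpoint loop
// and an explicit post-condition check. Names are hypothetical.

/**
 * Sequences that would terminate a PHP comment, or the PHP block itself, if
 * the value were ever written into generated PHP source. The close tag is
 * spelled "?".">" so this file does not itself contain a literal close tag.
 */
function connect_dangerous_sequences(): array
{
    return array("?".">", "\r", "\n");
}

/** True when the value contains none of the sequences the screen removes. */
function connect_is_clean(string $value): bool
{
    foreach (connect_dangerous_sequences() as $seq) {
        if (strpos($value, $seq) !== false) {
            return false;
        }
    }
    return true;
}

/**
 * Remove the dangerous sequences. str_replace() applies its search array in
 * order on the running result, so one pass may leave a sequence assembled
 * from neighbouring characters; repeat until nothing changes (each pass
 * either shortens the string or stops, so the loop terminates).
 */
function filter_connect(string $value): string
{
    do {
        $before = $value;
        $value  = str_replace(connect_dangerous_sequences(), "", $value);
    } while ($value !== $before);
    return $value;
}

/**
 * Apply the screen to a request array and keep the GET/POST copies in sync,
 * as the quoted snippet does for the superglobals. Arrays are passed by
 * reference so the caller's copies are updated in place. Returns true when
 * the value was modified.
 */
function screen_connect(array &$request, array &$get, array &$post): bool
{
    if (!isset($request['connect']) || connect_is_clean($request['connect'])) {
        return false;
    }
    $request['connect'] = filter_connect($request['connect']);
    if (isset($get['connect']))  { $get['connect']  = $request['connect']; }
    if (isset($post['connect'])) { $post['connect'] = $request['connect']; }
    if (!connect_is_clean($request['connect'])) {
        // Post-condition: the filtered value must be free of all sequences.
        throw new RuntimeException("connect value still unsafe after filtering");
    }
    return true;
}

// Constructed sample request (not captured traffic): a harmless value with a
// line break and a close tag appended, mirrored into GET as SPIP would see it.
$request = array('connect' => "mirror\n?" . ">extra");
$get     = array('connect' => $request['connect']);
$post    = array();

$changed = screen_connect($request, $get, $post);
printf("modified: %s\n", $changed ? "yes" : "no");
printf("connect after screen: %s\n", var_export($request['connect'], true));
printf("GET copy in sync: %s\n", $get['connect'] === $request['connect'] ? "yes" : "no");
printf("clean value untouched: %s\n", connect_is_clean("mirror") ? "yes" : "no");
```

The `connect_is_clean()` predicate is the useful piece for a maintainer: running it over the value after the screen has executed is a cheap regression check that the filter did what the DSA text claims, independent of how the removal itself is implemented.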