[Pkg-tcltk-commits] r1712 - in tcllib/branches/wheezy/debian: . patches

sgolovan at alioth.debian.org sgolovan at alioth.debian.org
Tue Mar 10 08:57:59 UTC 2015


Author: sgolovan
Date: 2015-03-10 08:57:38 +0000 (Tue, 10 Mar 2015)
New Revision: 1712

Added:
   tcllib/branches/wheezy/debian/patches/html-textarea-xss.diff
Modified:
   tcllib/branches/wheezy/debian/changelog
   tcllib/branches/wheezy/debian/patches/series
Log:
[tcllib]
  * Added a patch from upstream which fixes an XSS vulnerability in
    the html module for <textarea/> elements (closes: #780100).


Modified: tcllib/branches/wheezy/debian/changelog
===================================================================
--- tcllib/branches/wheezy/debian/changelog	2015-03-10 08:36:15 UTC (rev 1711)
+++ tcllib/branches/wheezy/debian/changelog	2015-03-10 08:57:38 UTC (rev 1712)
@@ -1,3 +1,10 @@
+tcllib (1.14-dfsg-3+deb7u1) stable; urgency=low
+
+  * Added a patch from upstream which fixes an XSS vulnerability in
+    the html module for <textarea/> elements (closes: #780100).
+
+ -- Sergei Golovan <sgolovan at debian.org>  Tue, 10 Mar 2015 11:39:48 +0300
+
 tcllib (1.14-dfsg-3) unstable; urgency=low
 
   * Added a patch which fixes ::ini::commit procedure in the inifile module.
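Review bot: the new 1.14-dfsg-3+deb7u1 entry says only "a patch from upstream" and does not identify which upstream change was backported or which proc it touches. Naming the upstream commit or ticket and the affected proc (::html::textarea) next to "closes: #780100" would let anyone auditing this stable update check the backport against upstream. urgency=low is also worth a second look for an entry that describes a vulnerability fix.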

Added: tcllib/branches/wheezy/debian/patches/html-textarea-xss.diff
===================================================================
--- tcllib/branches/wheezy/debian/patches/html-textarea-xss.diff	                        (rev 0)
+++ tcllib/branches/wheezy/debian/patches/html-textarea-xss.diff	2015-03-10 08:57:38 UTC (rev 1712)
@@ -0,0 +1,16 @@
+Author: upstream
+Description: Patch fixes an XSS vulnerability in <textarea/> HTML element in
+    the html Tcllib module
+Last-Modified: Mon, 09 Mar 2015 15:06:15 +0300
+
+--- a/modules/html/html.tcl
++++ b/modules/html/html.tcl
+@@ -912,7 +912,7 @@
+ #	The html fragment
+ 
+ proc ::html::textarea {name {param {}} {current {}}} {
+-    ::set value [ncgi::value $name $current]
++    ::set value [quoteFormValue [ncgi::value $name $current]]
+     return "<[string trimright \
+ 	"textarea name=\"$name\"\
+ 		[tagParam textarea $param]"]>$value</textarea>\n"
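Review bot: in the return expression of ::html::textarea only $value goes through quoteFormValue, while $name is still interpolated unquoted into name=\"$name\". If any caller can pass a name that is not a fixed literal, it needs the same quoting, because a double quote in it would end the attribute. quoteFormValue also wraps the whole result of [ncgi::value $name $current], so the $current argument is now escaped as well; callers that handed in an already-escaped default will get it escaped twice, which deserves a sentence in the Description. The header carries "Author: upstream" but no Origin or Bug-Debian field, so the patch file alone does not say where the fix came from; adding them (the changelog already cites #780100) would make the patch traceable.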

Modified: tcllib/branches/wheezy/debian/patches/series
===================================================================
--- tcllib/branches/wheezy/debian/patches/series	2015-03-10 08:36:15 UTC (rev 1711)
+++ tcllib/branches/wheezy/debian/patches/series	2015-03-10 08:57:38 UTC (rev 1712)
@@ -1,3 +1,4 @@
 build.diff
 manpages.diff
 ini.diff
+html-textarea-xss.diff



