Hi

Please find the NMU patch attached.

Cheers
Steffen
diff -u ipplan-4.91a/debian/changelog ipplan-4.91a/debian/changelog
--- ipplan-4.91a/debian/changelog
+++ ipplan-4.91a/debian/changelog
@@ -1,3 +1,13 @@
+ipplan (4.91a-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix cross-site scripting vulnerability, which can be exploited via
+    the userid, userdescrip, useremail, grp and grpdescrip parameters
+    (Closes: #530271)
+    Fixes: CVE-2009-1732
+
+ -- Steffen Joeris <wh...@debian.org>  Mon, 06 Jul 2009 08:09:24 +0000
+
 ipplan (4.91a-1) unstable; urgency=low
 
   * new upstream release
diff -u ipplan-4.91a/debian/patches/00list ipplan-4.91a/debian/patches/00list
--- ipplan-4.91a/debian/patches/00list
+++ ipplan-4.91a/debian/patches/00list
@@ -1,0 +2 @@
+CVE-2009-1732-xss.dpatch
only in patch2:
unchanged:
--- ipplan-4.91a.orig/debian/patches/CVE-2009-1732-xss.dpatch
+++ ipplan-4.91a/debian/patches/CVE-2009-1732-xss.dpatch
@@ -0,0 +1,36 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+...@dpatch@
+--- admin/usermanager.php	2009-03-19 07:44:03.000000000 +1100
++++ ipplan-4.91a/admin/usermanager.php	2009-05-30 16:34:08.000000000 +1000
+@@ -301,9 +301,13 @@
+     // First off we insert the user information and delete button.
+     insert($w, $t=table(array("cols"=>"2","border"=>"0","cellspacing"=>"2","width"=>"100%")));
+     insert($t, $c=cell());
+-    insert($c ,block("<b>".my_("Editing User: $userid")."</b><br>"));
+-    insert($c, block("<i>".my_("Real Name: ").$row["userdescrip"]."</i><br>"));
+-    insert($c, block(my_("e-mail: ").$row["useremail"]));
++    insert($c ,block("<b>"));
++    insert($c ,text(my_("Editing User: $userid")));
++    insert($c ,block("</b><br>"));
++    insert($c, block("<i>"));
++    insert($c, text(my_("Real Name: ").$row["userdescrip"]));
++    insert($c, block("</i><br>"));
++    insert($c, text(my_("e-mail: ").$row["useremail"]));
+     insert($t, $c=cell(array("align"=>"right")));
+     insert($c, $f = form(array("method"=>"post","action"=>$_SERVER["PHP_SELF"])));
+     insert($f,hidden(array("name"=>"action","value"=>"deleteuser")));
+@@ -407,8 +411,11 @@
+     $resaddr   =$row["resaddr"];
+     insert($w, $t=table(array("width"=>"100%","cols"=>"2","border"=>"0","cellspacing"=>"0","valign"=>"middle")));
+     insert($t, $c = cell());
+-    insert($c, block("<b>".my_("Editing Group:")." $grp</b><br>"));
+-    insert($c, block("<i>".my_(" Description: ")."</i>".$grpdescrip));
++    insert($c, block("<b>"));
++    insert($c, text(my_("Editing Group:")." $grp"));
++    insert($c, block("</b><br>"));
++    insert($c, block("<i>".my_(" Description: ")."</i>"));
++    insert($c, text($grpdescrip));
+     insert($w,generic("br"));  
+     insert($t,$c = cell (array("align"=>"right")));
+     insert($c, $f = form(array("method"=>"post","action"=>$_SERVER["PHP_SELF"])));
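Review bot: The two `form(...)` lines kept as context, one after the user block and one after the group block, still pass `$_SERVER["PHP_SELF"]` as the form action. That value includes request-supplied path info, so it is the same class of unescaped output this patch removes for userid, userdescrip, useremail, grp and grpdescrip. Whether `form()` escapes attribute values is not visible here; if it does not, use `"action"=>$_SERVER["SCRIPT_NAME"]` or pass the value through `htmlspecialchars(..., ENT_QUOTES)`. The fix also depends on `text()` HTML-encoding its argument, which is defined outside this patch and worth confirming. Both edits sit in function bodies that start and end outside the hunks shown.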

Attachment: signature.asc
Description: This is a digitally signed message part.
