Hi Attached is the full nmu patch.
Cheers Steffen
diff -u sork-passwd-h3-3.1/debian/changelog sork-passwd-h3-3.1/debian/changelog
--- sork-passwd-h3-3.1/debian/changelog
+++ sork-passwd-h3-3.1/debian/changelog
@@ -1,3 +1,11 @@
+sork-passwd-h3 (3.1-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Fix XSS via the backend parameter (Closes: #536554)
+ Fixes: CVE-2009-2360
+
+ -- Steffen Joeris <wh...@debian.org> Sat, 11 Jul 2009 06:02:56 +0000
+
sork-passwd-h3 (3.1-1) unstable; urgency=low
* New upstream release.
only in patch2:
unchanged:
--- sork-passwd-h3-3.1.orig/debian/patches/0002-CVE-2009-2360.patch
+++ sork-passwd-h3-3.1/debian/patches/0002-CVE-2009-2360.patch
@@ -0,0 +1,54 @@
+--- ../old/sork-passwd-h3-3.1/main.php 2009-01-06 15:25:15.000000000 +0000
++++ sork-passwd-h3-3.1/main.php 2009-07-11 06:00:57.000000000 +0000
+@@ -15,8 +15,20 @@
+ require_once PASSWD_BASE . '/lib/base.php';
+ require PASSWD_BASE . '/config/backends.php';
+
++// Get the backend details.
++$backend_key = Horde_Util::getFormData('backend', false);
++if (!isset($backends[$backend_key])) {
++ $backend_key = null;
++}
++
++
++
+ // Use a do-while to allow easy breaking if an error is found.
+ do {
++ if (!$backend_key) {
++ break;
++ }
++
+ // Has the user submitted the form yet?
+ $submit = Util::getFormData('submit', false);
+ if (!$submit) {
+@@ -24,8 +36,6 @@
+ break;
+ }
+
+- // Get the backend details.
+- $backend_key = Util::getFormData('backend', false);
+ $driver = $backends[$backend_key]['driver'];
+ $params = $backends[$backend_key]['params'];
+ $password_policy = isset($backends[$backend_key]['password policy'])
+@@ -242,8 +252,8 @@
+
+ foreach ($backends as $key => $current_backend) {
+ $sel = ($key == $backend_key) ? ' selected="selected"' : '';
+- $backends_list .= "<option value=\"$key\"$sel>";
+- $backends_list .= $current_backend['name'] . '</option>';
++ $backends_list .= '<option value="' . htmlspecialchars($key) . '"' . $sel . '>' .
++ htmlspecialchars($current_backend['name']) . '</option>';
+ }
+ }
+
+--- ../old/sork-passwd-h3-3.1/templates/main/main.inc 2008-10-09 17:12:25.000000000 +0000
++++ sork-passwd-h3-3.1/templates/main/main.inc 2009-07-11 06:02:03.000000000 +0000
+@@ -53,7 +53,7 @@
+ <form method="post" action="<?php echo Horde::url('main.php', false, -1, true) ?>" name="passwd">
+ <?php echo Util::formInput() ?>
+ <?php if ($conf['backend']['backend_list'] == 'hidden'): ?>
+-<input type="hidden" name="backend" value="<?php echo $backend_key ?>" />
++<input type="hidden" name="backend" value="<?php echo htmlspecialchars($backend_key) ?>" />
+ <?php endif; if ($conf['user']['change'] !== true): ?>
+ <input type="hidden" name="userid" value="<?php echo htmlspecialchars($userid) ?>" />
+ <?php endif; ?>
signature.asc
Description: This is a digitally signed message part.
