Package: moodle
Severity: important
Tags: patch
The version of libphp-adodb included in the moodle package is vulnerable
to the cross site scripting vulnerabilities detailed in
CVE-2006-0806[1].
The attached patch is what was used by upstream to resolve this issue.
I'm not aware if it is necessary for you to have an embedded version of
libphp-adodb for various possible reasons, but you may wish to consider
just depending on the debian packaged version (it sure would make
dealing with the numerous security issues that libphp-adodb seems to
gather).
1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0806
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15+vserver
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
diff -Nur libphp-adodb-4.52/build-tree/adodb/adodb-pager.inc.php libphp-adodb-4.52.new/build-tree/adodb/adodb-pager.inc.php
--- libphp-adodb-4.52/build-tree/adodb/adodb-pager.inc.php 2004-08-10 01:26:22.000000000 -0700
+++ libphp-adodb-4.52.new/build-tree/adodb/adodb-pager.inc.php 2006-03-24 15:52:38.000000000 -0800
@@ -60,7 +60,7 @@
global $HTTP_SERVER_VARS,$PHP_SELF,$HTTP_SESSION_VARS,$HTTP_GET_VARS;
$curr_page = $id.'_curr_page';
- if (empty($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
+ if (empty($PHP_SELF)) $PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF']); // htmlspecialchars() to prevent XSS attacks
$this->sql = $sql;
$this->id = $id;
@@ -70,7 +70,7 @@
$next_page = $id.'_next_page';
if (isset($HTTP_GET_VARS[$next_page])) {
- $HTTP_SESSION_VARS[$curr_page] = $HTTP_GET_VARS[$next_page];
+ $HTTP_SESSION_VARS[$curr_page] = (integer) $HTTP_GET_VARS[$next_page];
}
if (empty($HTTP_SESSION_VARS[$curr_page])) $HTTP_SESSION_VARS[$curr_page] = 1; ## at first page
@@ -284,4 +284,4 @@
}
-?>
\ No newline at end of file
+?>
