Bug#1007948: buster-pu: package phpliteadmin/1.9.7.1-2+deb10u1

Sat, 19 Mar 2022 00:21:22 -0700 

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Dear Stable Release Managers,

This request is about updating buster.

Salvatore Bonaccorso on the Security Team suggested me to fix a revealed
XSS vulnerability trough the upcoming point release. The issue has got
the assigned number CVE-2021-46709. The proposed fix is a trivial one-
liner patch casting $_POST['num'] to (int).


[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium
 .
   * Fix CVE-2021-46709, an XSS issue with the num POST parameter


diffstat for phpliteadmin-1.9.7.1 phpliteadmin-1.9.7.1

 changelog                      |    6 ++++++
 patches/Fix-post-num-XSS.patch |   16 ++++++++++++++++
 patches/series                 |    1 +
 3 files changed, 23 insertions(+)

diff -Nru phpliteadmin-1.9.7.1/debian/changelog 
phpliteadmin-1.9.7.1/debian/changelog
--- phpliteadmin-1.9.7.1/debian/changelog       2018-05-17 20:25:20.000000000 
+0300
+++ phpliteadmin-1.9.7.1/debian/changelog       2022-03-19 09:37:15.000000000 
+0300
@@ -1,3 +1,9 @@
+phpliteadmin (1.9.7.1-2+deb10u1) buster; urgency=medium
+
+  * Fix CVE-2021-46709, an XSS issue with the num POST parameter
+
+ -- Nicholas Guriev <guriev...@ya.ru>  Sat, 19 Mar 2022 09:37:15 +0300
+
 phpliteadmin (1.9.7.1-2) unstable; urgency=medium
 
   * Fix CVE-2018-10362 by Fix-authentication-bypass.patch (closes: #896682)
diff -Nru phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 
phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch
--- phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch  1970-01-01 
03:00:00.000000000 +0300
+++ phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch  2022-03-19 
09:35:27.000000000 +0300
@@ -0,0 +1,16 @@
+Description: Fix an XSS vulnerability with the num POST parameter
+ Forcibly cast value to integer. CVE-2021-46709
+Author: Nicholas Guriev <guriev...@ya.ru>
+Last-Update: Sat, 19 Mar 2022 09:35:27 +0300
+
+--- a/index.php
++++ b/index.php
+@@ -2512,7 +2512,7 @@ if(isset($_GET['action']) && !isset($_GE
+                       echo "<form 
action='?table=".urlencode($target_table)."&amp;action=row_create&amp;confirm=1'
 method='post'>";
+                       echo $token_html;
+                       if(isset($_POST['num']))
+-                              $num = $_POST['num'];
++                              $num = (int)$_POST['num'];
+                       else
+                               $num = 1;
+                       echo "<input type='hidden' name='numRows' 
value='".$num."'/>";
diff -Nru phpliteadmin-1.9.7.1/debian/patches/series 
phpliteadmin-1.9.7.1/debian/patches/series
--- phpliteadmin-1.9.7.1/debian/patches/series  2018-05-17 20:25:20.000000000 
+0300
+++ phpliteadmin-1.9.7.1/debian/patches/series  2022-03-19 09:35:27.000000000 
+0300
@@ -1,3 +1,4 @@
 Remove-spontaneous-access-to-Internet.patch
 Remove-using-build-date.patch
 Fix-authentication-bypass.patch
+Fix-post-num-XSS.patch

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to