Hi,
I intend to NMU this bug.
The attached patch fixes this issue.
It will also be archived on:
http://people.debian.org/~nion/nmu-diff/gnatsweb_4.00-1_4.00-1.1.patch

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u gnatsweb-4.00/debian/changelog gnatsweb-4.00/debian/changelog
--- gnatsweb-4.00/debian/changelog
+++ gnatsweb-4.00/debian/changelog
@@ -1,3 +1,12 @@
+gnatsweb (4.00-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by testing security team.
+  * Fixed missing escaping of the database parameter which leads
+    to a cross-site scripting vulnerability (XSS) via this
+    parameter (CVE-2007-2808) (Closes: # 427156).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Sat, 06 Oct 2007 15:03:47 +0200
+
 gnatsweb (4.00-1) unstable; urgency=low
 
   * New upstream release.
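
Review bot: In the new changelog entry, `Closes: # 427156` is written with a space between `#` and the bug number; the usual form is `Closes: #427156`. The entry also states only that escaping of the database parameter was added, not where; naming gnatsweb.pl would help someone reading the changelog without the diff.
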
only in patch2:
unchanged:
--- gnatsweb-4.00.orig/gnatsweb.pl
+++ gnatsweb-4.00/gnatsweb.pl
@@ -1312,6 +1312,7 @@
 {
   my($cmd, $pr, $include_return_url) = @_;
   my $url = $q->url() . "?cmd=$cmd&database=$global_prefs{'database'}";
+  $global_prefs{'database'}=$q->escapeHTML($global_prefs{'database'});
   $url .= "&pr=$pr" if $pr;
   $url .= "&return_url=" . $q->escape($q->self_url())
         if $include_return_url;
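
Review bot: The added `escapeHTML` line sits after `$url` has already been built from the raw `$global_prefs{'database'}`, so the URL assembled in this function still carries the unescaped value and the escaping only affects code that reads the global afterwards. Escape before the interpolation and into a local variable instead of overwriting `$global_prefs{'database'}`, since assigning the escaped value back means each further call escapes an already escaped string. Because the value is placed in a query string here, `$q->escape(...)`, as used for `return_url` two lines below, is the matching encoding for this spot, with `escapeHTML` applied where the URL or the database name is written into HTML.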
