tags 377299 +patch
thanks
Hello,
CVE-2006-3320: Cross-site scripting (XSS) vulnerability in command.php
in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary
web script or HTML via the command parameter.
I've already fixed this by NMU in unstable. I've also prepared an
updated package for stable - question is if the security team wants to
release an advisory for this and if this package is ok. See attachment.
Let me know; if it's ok I'll upload it to stable-security.
Attached are the diffs for the sid NMU and the proposed sarge NMU.
Thanks.
Thijs
diff -u sitebar-3.2.6/debian/changelog sitebar-3.2.6/debian/changelog
--- sitebar-3.2.6/debian/changelog
+++ sitebar-3.2.6/debian/changelog
@@ -1,3 +1,11 @@
+sitebar (3.2.6-7.1) unstable; urgency=low
+
+ * Non-maintainer upload for security bug fix.
+ * Properly encode the 'command' parameter of command.php
+(CVE-2006-3320, Closes: #377299).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Fri, 28 Jul 2006 14:42:47 +0200
+
sitebar (3.2.6-7) unstable; urgency=low
* Updated maintainer field to reference my shiny new debian.org address
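Review bot: the distribution field in the new 3.2.6-7.1 entry says "unstable" with urgency=low, yet the cover mail describes this 3.2.6 diff as the proposed sarge NMU; an upload meant for stable-security needs the distribution set to stable-security (and, for a security fix, urgency=high as the 3.3.8 entry already uses), otherwise the package would land in the wrong suite. Also consider indenting the wrapped "(CVE-2006-3320, Closes: #377299)." continuation line so it stays part of the same bullet.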
only in patch2:
unchanged:
--- sitebar-3.2.6.orig/command.php
+++ sitebar-3.2.6/command.php
@@ -3814,7 +3814,7 @@
?
-div id=?php echo ($cw-hasErrors()?$errId:'command').'Head'??php echo T($cw-command)?/div
+div id=?php echo ($cw-hasErrors()?$errId:'command').'Head'??php echo htmlspecialchars(T($cw-command))?/div
div id=?php echo ($cw-hasErrors()?$errId:'command').'Body'?
?php
if ($cw-hasErrors())
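Review bot: escaping at the output sink is the right place, but htmlspecialchars() is called with its defaults here: single quotes are left unencoded (harmless in element text, as in this div, but not if the same expression is ever reused inside an attribute) and no charset is given, so the call assumes ISO-8859-1; passing ENT_QUOTES and the application's charset would make the fix robust against later reuse. Since the hunk touches only the heading div, it is also worth confirming that this is the only place command.php echoes $cw->command unescaped.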
diff -u sitebar-3.3.8/debian/changelog sitebar-3.3.8/debian/changelog
--- sitebar-3.3.8/debian/changelog
+++ sitebar-3.3.8/debian/changelog
@@ -1,3 +1,11 @@
+sitebar (3.3.8-1.1) unstable; urgency=high
+
+ * High urgency upload for RC security bug fix.
+ * Properly encode the 'command' parameter of command.php
+(CVE-2006-3320, Closes: #377299).
+
+ -- Thijs Kinkhorst [EMAIL PROTECTED] Fri, 28 Jul 2006 14:29:31 +0200
+
sitebar (3.3.8-1) unstable; urgency=low
* New upstream release and new maintainer (Closes: #358893)
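Review bot: the 3.3.8-1.1 version number marks this as a non-maintainer upload, but unlike the 3.2.6 changelog the first bullet does not say so ("High urgency upload for RC security bug fix."); Debian convention is to state "Non-maintainer upload" explicitly in the entry, so adding that keeps the two entries consistent and makes the NMU visible to the maintainer.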
only in patch2:
unchanged:
--- sitebar-3.3.8.orig/command.php
+++ sitebar-3.3.8/command.php
@@ -5809,7 +5809,7 @@
?
div id=?php echo ($cw-hasErrors()?$errId:'command').'Head'? class=cmnTitle
div id=help onclick=SB_openHelp('?php echo $onlineHelp ?')?/div
-div id=command?php echo SB_T($cw-command)?/div
+div id=command?php echo htmlspecialchars(SB_T($cw-command))?/div
/div
div id=?php echo ($cw-hasErrors()?$errId:'command').'Body'?
?php
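Review bot: the escaping wraps the translated value SB_T($cw->command) rather than the raw parameter, which is the safer order if the lookup can fall back to echoing an unknown key, but it means any translated heading that intentionally contains markup will now render as literal text; worth checking the translation strings for this heading before uploading. The same default htmlspecialchars() call as in the 3.2.6 hunk applies here, so the ENT_QUOTES and charset arguments should be added in both places together.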