Dear maintainer,

I've prepared an NMU for phppgadmin (versioned as 4.2-1.1).
This is the testing-proposed-updates revision.

Regards.
diff -u phppgadmin-4.2/debian/changelog phppgadmin-4.2/debian/changelog
--- phppgadmin-4.2/debian/changelog
+++ phppgadmin-4.2/debian/changelog
@@ -1,3 +1,10 @@
+phppgadmin (4.2-1.1) testing-proposed-updates; urgency=low
+
+  * Non-maintainer upload.
+  * Fix Local File Inclusion Vulnerability (Closes: #508026)
+
+ -- Giuseppe Iuculano <giuse...@iuculano.it>  Fri, 12 Dec 2008 18:50:16 +0100
+
 phppgadmin (4.2-1) unstable; urgency=low
 
   * New upstream release
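Review bot: the new 4.2-1.1 entry says only "Fix Local File Inclusion Vulnerability" and does not record what was changed. Name the added patch (sanitize-include.patch), the file it touches (libraries/lib.inc.php) and the register_globals precondition stated in the patch header, so that someone reading the changelog alone can tell which code path was fixed and under which configuration the bug applies.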
diff -u phppgadmin-4.2/debian/patches/series 
phppgadmin-4.2/debian/patches/series
--- phppgadmin-4.2/debian/patches/series
+++ phppgadmin-4.2/debian/patches/series
@@ -2,0 +3 @@
+sanitize-include.patch
only in patch2:
unchanged:
--- phppgadmin-4.2.orig/debian/patches/sanitize-include.patch
+++ phppgadmin-4.2/debian/patches/sanitize-include.patch
@@ -0,0 +1,12 @@
+$_language must be sanitized to prevent Local File Inclusion with 
register_globals on
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -133,6 +133,8 @@
+ 
+       // Import the language file
+       if (isset($_language)) {
++              // Sanitize $_language, see #508026
++              $_language = str_replace ('..','',$_language);
+               include("./lang/recoded/{$_language}.php");
+               $_SESSION['webdbLanguage'] = $_language;
+       }
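Review bot: the added `$_language = str_replace ('..','',$_language);` is a denylist that edits the value and then includes whatever is left, so the `include("./lang/recoded/{$_language}.php");` line still takes a caller-influenced string. An allowlist would be more robust here: accept `$_language` only if it matches the set of language files actually shipped under lang/recoded (or at least a strict pattern of letters, digits, hyphen and underscore), and skip both the include and the `$_SESSION['webdbLanguage']` assignment when it does not, rather than silently rewriting it. The patch header names register_globals as the precondition, so it would also help to note in the code comment where `$_language` is expected to be set, since this hunk does not change how the variable gets populated.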


