Dear maintainer, I've prepared an NMU for phppgadmin (versioned as 4.2-1.1). This is the testing-proposed-updates revision.
Regards. diff -u phppgadmin-4.2/debian/changelog phppgadmin-4.2/debian/changelog --- phppgadmin-4.2/debian/changelog +++ phppgadmin-4.2/debian/changelog @@ -1,3 +1,10 @@ +phppgadmin (4.2-1.1) testing-proposed-updates; urgency=low + + * Non-maintainer upload. + * Fix Local File Inclusion Vulnerability (Closes: #508026) + + -- Giuseppe Iuculano <giuse...@iuculano.it> Fri, 12 Dec 2008 18:50:16 +0100 + phppgadmin (4.2-1) unstable; urgency=low * New upstream release diff -u phppgadmin-4.2/debian/patches/series phppgadmin-4.2/debian/patches/series --- phppgadmin-4.2/debian/patches/series +++ phppgadmin-4.2/debian/patches/series @@ -2,0 +3 @@ +sanitize-include.patch only in patch2: unchanged: --- phppgadmin-4.2.orig/debian/patches/sanitize-include.patch +++ phppgadmin-4.2/debian/patches/sanitize-include.patch @@ -0,0 +1,12 @@ +$_language must be sanitized to prevent Local File Inclusion with register_globals on +--- a/libraries/lib.inc.php ++++ b/libraries/lib.inc.php +@@ -133,6 +133,8 @@ + + // Import the language file + if (isset($_language)) { ++ // Sanitize $_language, see #508026 ++ $_language = str_replace ('..','',$_language); + include("./lang/recoded/{$_language}.php"); + $_SESSION['webdbLanguage'] = $_language; + }
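Review bot: In the debian/changelog hunk, the new 4.2-1.1 entry is marked urgency=low although its only change is "Fix Local File Inclusion Vulnerability (Closes: #508026)". A security fix would normally justify a higher urgency. The entry would also be easier to audit if it named the patch it adds (sanitize-include.patch) and the file it touches (libraries/lib.inc.php).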
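Review bot: In the libraries/lib.inc.php hunk of sanitize-include.patch, $_language is only stripped of '..' before it reaches include("./lang/recoded/{$_language}.php") and $_SESSION['webdbLanguage'], so the check is a blocklist on one character sequence rather than a validation of the value. I would prefer to compare $_language against the set of language files that actually exist under ./lang/recoded/ (or at least a strict pattern of letters, digits, hyphen and underscore) and to skip both the include and the session assignment when it does not match, instead of silently rewriting the input and continuing. The patch header ties the issue to register_globals being on. It would help to say there where $_language is legitimately set, so that a reader can confirm that the isset($_language) branch is not reachable with a request-supplied value once the allowlist is in place.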