[bugzilla/el5] CVE-2012-0466
Xavier Bachelot
xavierb at fedoraproject.org
Fri Apr 20 01:18:33 UTC 2012
commit ef87a5b1248ad1ad97ecb84f044d55759fd6da69
Author: Xavier Bachelot <xavier at bachelot.org>
Date: Fri Apr 20 03:18:00 2012 +0200
CVE-2012-0466
bugzilla-3.2.10-CVE-2012-0466.patch | 84 +++++++++++++++++++++++++++++++++++
bugzilla-EL5-perl-versions.patch | 18 -------
bugzilla.spec | 9 +++-
3 files changed, 92 insertions(+), 19 deletions(-)
---
diff --git a/bugzilla-3.2.10-CVE-2012-0466.patch b/bugzilla-3.2.10-CVE-2012-0466.patch
new file mode 100644
index 0000000..7489b1f
--- /dev/null
+++ b/bugzilla-3.2.10-CVE-2012-0466.patch
@@ -0,0 +1,84 @@
+=== modified file 'buglist.cgi'
+--- buglist.cgi 2012-04-17 18:41:05 +0000
++++ buglist.cgi 2012-04-18 12:06:08 +0000
+@@ -112,16 +112,6 @@
+ $cgi->param('ctype', "atom");
+ }
+
+-# The js ctype presents a security risk; a malicious site could use it
+-# to gather information about secure bugs. So, we only allow public bugs to be
+-# retrieved with this format.
+-#
+-# Note that if and when this call clears cookies or has other persistent
+-# effects, we'll need to do this another way instead.
+-if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
+- Bugzilla->logout_request();
+-}
+-
+ # An agent is a program that automatically downloads and extracts data
+ # on its user's behalf. If this request comes from an agent, we turn off
+ # various aspects of bug list functionality so agent requests succeed
+
+=== modified file 'docs/en/xml/using.xml'
+--- docs/en/xml/using.xml 2011-01-28 16:30:29 +0000
++++ docs/en/xml/using.xml 2012-04-18 12:06:08 +0000
+@@ -659,16 +659,6 @@
+ </member>
+ </simplelist>
+ </para>
+-
+- <para>
+- If you would like to access the bug list from another program
+- it is often useful to have the list returned in something other
+- than HTML. By adding the ctype=type parameter into the bug list URL
+- you can specify several alternate formats. Besides the types described
+- above, the following formats are also supported: ECMAScript, also known
+- as JavaScript (ctype=js), and Resource Description Framework RDF/XML
+- (ctype=rdf).
+- </para>
+ </section>
+
+ <section id="individual-buglists">
+
+=== removed file 'template/en/default/list/list.js.tmpl'
+--- template/en/default/list/list.js.tmpl 2007-08-20 23:24:38 +0000
++++ template/en/default/list/list.js.tmpl 1970-01-01 00:00:00 +0000
+@@ -1,37 +0,0 @@
+-[%# The contents of this file are subject to the Mozilla Public
+- # License Version 1.1 (the "License"); you may not use this file
+- # except in compliance with the License. You may obtain a copy of
+- # the License at http://www.mozilla.org/MPL/
+- #
+- # Software distributed under the License is distributed on an "AS
+- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+- # implied. See the License for the specific language governing
+- # rights and limitations under the License.
+- #
+- # The Original Code is the Bugzilla Bug Tracking System.
+- #
+- # The Initial Developer of the Original Code is Netscape Communications
+- # Corporation. Portions created by Netscape are
+- # Copyright (C) 1998 Netscape Communications Corporation. All
+- # Rights Reserved.
+- #
+- # Contributor(s): Gervase Markham <gerv at gerv.net>
+- #%]
+-
+-// Note: only publicly-accessible bugs (those not in any group) will be
+-// listed when using this JavaScript format. This is to prevent malicious
+-// sites stealing information about secure bugs.
+-
+-bugs = new Array;
+-
+-[% FOREACH bug = bugs %]
+- bugs[[% bug.bug_id %]] = [
+- [% FOREACH column = displaycolumns %]
+- "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %]
+- [% END %]
+- ];
+-[% END %]
+-
+-if (window.buglistCallback) {
+- buglistCallback(bugs);
+-}
+
diff --git a/bugzilla-EL5-perl-versions.patch b/bugzilla-EL5-perl-versions.patch
index cd12361..169d4de 100644
--- a/bugzilla-EL5-perl-versions.patch
+++ b/bugzilla-EL5-perl-versions.patch
@@ -22,21 +22,3 @@ diff -ruNp a/bugzilla-3.2.4/Bugzilla/Install/Requirements.pm b/bugzilla-3.2.4/Bu
# CGI::Carp in 3.46 and 3.47 breaks Template Toolkit
blacklist => ['^3\.46$', '^3\.47$'],
},
-@@ -97,7 +97,7 @@ sub REQUIRED_MODULES {
- {
- package => 'Email-MIME',
- module => 'Email::MIME',
-- version => '1.861'
-+ version => '1.859'
- },
- {
- package => 'Email-MIME-Encodings',
-@@ -108,7 +108,7 @@ sub REQUIRED_MODULES {
- {
- package => 'Email-MIME-Modifier',
- module => 'Email::MIME::Modifier',
-- version => '1.442'
-+ version => '1.441'
- },
- );
-
diff --git a/bugzilla.spec b/bugzilla.spec
index 4cc2980..f5c3b15 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -6,7 +6,7 @@ URL: http://www.bugzilla.org/
Name: bugzilla
Version: 3.2.10
Group: Applications/Publishing
-Release: 4%{?dist}
+Release: 5%{?dist}
License: MPLv1.1
Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
Source1: bugzilla-httpd-conf
@@ -21,6 +21,7 @@ Patch6: bugzilla-3.2.10-CVE-2011-2978.patch
Patch7: bugzilla-3.2.10-CVE-2011-3657.patch
Patch8: bugzilla-3.2.10-CVE-2011-3667.patch
Patch9: bugzilla-3.2.10-CVE-2012-0448.patch
+Patch10: bugzilla-3.2.10-CVE-2012-0466.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -69,6 +70,7 @@ set -x
%patch7 -p0
%patch8 -p0
%patch9 -p0
+%patch10 -p0
# Filter unwanted Requires found by /usr/lib/rpm/perldeps.pl:
# create a wrapper script which runs the original perl_requires
@@ -170,6 +172,11 @@ popd > /dev/null)
%{bzinstallprefix}/bugzilla/contrib
%changelog
+* Fri Apr 20 2012 Xavier Bachelot <xavier at bachelot.org> - 3.2.10-5
+- Add patch for CVE-2012-0466.
+- Drop version requirement downgrade for perl(Email::MIME) and
+ perl(Email::MIME::Modifier).
+
* Wed Feb 01 2012 Xavier Bachelot <xavier at bachelot.org> - 3.2.10-4
- Add patch for CVE-2012-0448.
More information about the scm-commits
mailing list