[BackupPC] CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm (bz #795017, #795018, #795019)

Bernard Johnson bjohnson at fedoraproject.org
Mon Dec 24 23:46:14 UTC 2012


commit 86a19c173b01a07c887f8b880e53a86176ea56d7
Author: Bernard Johnson <bjohnson at symetrix.com>
Date:   Mon Dec 24 16:25:27 2012 -0700

    CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm
    (bz #795017, #795018, #795019)

 BackupPC-3.2.1-fix-XSS-vulnerability2.patch |   18 ++++++++++++++++++
 BackupPC.spec                               |    4 ++++
 2 files changed, 22 insertions(+), 0 deletions(-)
---
diff --git a/BackupPC-3.2.1-fix-XSS-vulnerability2.patch b/BackupPC-3.2.1-fix-XSS-vulnerability2.patch
new file mode 100644
index 0000000..32e28bb
--- /dev/null
+++ b/BackupPC-3.2.1-fix-XSS-vulnerability2.patch
@@ -0,0 +1,18 @@
+CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm
+--- backuppc-3.2.1.orig/lib/BackupPC/CGI/RestoreFile.pm
++++ backuppc-3.2.1/lib/BackupPC/CGI/RestoreFile.pm
+@@ -154,12 +154,12 @@
+     my $a = $view->fileAttrib($num, $share, $dir);
+     if ( $dir =~ m{(^|/)\.\.(/|$)} || !defined($a) ) {
+         $dir = decode_utf8($dir);
+-        ErrorExit("Can't restore bad file ${EscHTML($dir)} ($num, $share)");
++        ErrorExit("Can't restore bad file ${EscHTML($dir)} (${EscHTML($num)}, ${EscHTML($share)})");
+     }
+     my $f = BackupPC::FileZIO->open($a->{fullPath}, 0, $a->{compress});
+     if ( !defined($f) ) {
+         my $fullPath = decode_utf8($a->{fullPath});
+-        ErrorExit("Unable to open file ${EscHTML($fullPath)} ($num, $share)");
++        ErrorExit("Unable to open file ${EscHTML($fullPath)} (${EscHTML($num)}, ${EscHTML($share)})");
+     }
+     my $data;
+     if ( !$skipHardLink && $a->{type} == BPC_FTYPE_HARDLINK ) {
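Review bot: The added `${EscHTML($num)}`/`${EscHTML($share)}` on the two ErrorExit lines closes the reflected-markup path in these messages, but `$num` is a backup number, and unless it is already constrained before this point (not visible here), rejecting non-numeric input ahead of the `fileAttrib` call would remove attacker-controlled text from this parameter altogether: `ErrorExit("Invalid backup number") unless $num =~ /^\d+\z/;`. Note that `$dir` is passed through `decode_utf8` before escaping while `$num` and `$share` are not, so a non-ASCII share name reaches the message as raw bytes — presumably harmless for the XSS fix, but worth confirming against what EscHTML expects. The `${EscHTML(...)}` interpolation only works if EscHTML returns a scalar reference (as BackupPC's CGI Lib appears to do), and the same audit should cover any other ErrorExit or print sites in this file that interpolate `$num`/`$share` directly. The enclosing subroutine starts before and ends after this hunk.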
diff --git a/BackupPC.spec b/BackupPC.spec
index 02c8d7d..18c586d 100644
--- a/BackupPC.spec
+++ b/BackupPC.spec
@@ -23,6 +23,7 @@ Patch0:         BackupPC-3.2.1-locatedb.patch
 Patch1:         BackupPC-3.2.1-rundir.patch
 Patch2:         BackupPC-3.2.1-piddir.patch
 Patch3:         BackupPC-3.2.1-fix-XSS-vulnerability.patch
+Patch4:         BackupPC-3.2.1-fix-XSS-vulnerability2.patch
 Source1:        BackupPC.htaccess
 Source2:        BackupPC.logrotate
 Source3:        BackupPC-README.fedora
@@ -85,6 +86,7 @@ configurable and easy to install and maintain.
 %patch1 -p1 -b .rundir
 %patch2 -p1 -b .piddir
 %patch3 -p1 -b .fix-XSS-vulnerability
+%patch4 -p1 -b .fix-XSS-vulnerability2
 
 sed -i "s|\"backuppc\"|\"$LOGNAME\"|g" configure.pl
 for f in ChangeLog doc/BackupPC.pod doc/BackupPC.html; do
@@ -332,6 +334,8 @@ fi
 %changelog
 * Sun Dec 24 2012 Bernard Johnson <bjohnson at symetrix.com> 3.2.1-10
 - cleanup build macros for Fedora
+- CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm
+  (bz #795017, #795018, #795019)
 
 * Sun Dec  6 2012 Peter Robinson <pbrobinson at fedoraproject.org> 3.2.1-9
 - Fix FTBFS on F-18+

