rpms/roundcubemail/devel roundcubemail-0.2-CVE-2009-0413.patch, NONE, 1.1 roundcubemail.spec, 1.18, 1.19
Jon Ciesla
limb at fedoraproject.org
Wed Feb 4 16:22:39 UTC 2009
- Previous message: rpms/ochusha/devel ochusha-head-g++44.patch, NONE, 1.1 ochusha.spec, 1.93, 1.94
- Next message: rpms/libcroco/devel .cvsignore, 1.6, 1.7 libcroco.spec, 1.22, 1.23 sources, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: limb
Update of /cvs/pkgs/rpms/roundcubemail/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6620
Modified Files:
roundcubemail.spec
Added Files:
roundcubemail-0.2-CVE-2009-0413.patch
Log Message:
Patch for CVE-2009-0413, BZ 484052
roundcubemail-0.2-CVE-2009-0413.patch:
--- NEW FILE roundcubemail-0.2-CVE-2009-0413.patch ---
--- CHANGELOG~ 2009-02-04 09:58:46.000000000 -0600
+++ CHANGELOG 2009-02-04 09:58:46.000000000 -0600
@@ -3,0 +4,4 @@
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
--- program/lib/washtml.php~ 2009-02-04 10:01:02.000000000 -0600
+++ program/lib/washtml.php 2009-02-04 10:01:02.000000000 -0600
@@ -83 +83 @@
- static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'background');
+ static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');
@@ -163 +163 @@
- ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.*/i', $value)))
+ ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.+/i', $value)))
@@ -167 +167 @@
- else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
+ else if($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
@@ -171 +171 @@
- else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
+ else if(preg_match('/^(http|https|ftp):.+/i', $value)) {
@@ -177 +177 @@
- $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
+ $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
Index: roundcubemail.spec
===================================================================
RCS file: /cvs/pkgs/rpms/roundcubemail/devel/roundcubemail.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- roundcubemail.spec 7 Jan 2009 13:40:57 -0000 1.18
+++ roundcubemail.spec 4 Feb 2009 16:22:09 -0000 1.19
@@ -1,7 +1,7 @@
%define roundcubedir %{_datadir}/roundcubemail
Name: roundcubemail
Version: 0.2
-Release: 6.stable%{?dist}
+Release: 7.stable%{?dist}
Summary: Round Cube Webmail is a browser-based multilingual IMAP client
Group: Applications/System
@@ -16,6 +16,7 @@
#Patch1: roundcubemail-0.2-beta-html2text.patch
# From upstream, not in a release yet, BZ 476830.
#Patch2: roundcubemail-0.2-beta-CVE-2008-5620.patch
+Patch3: roundcubemail-0.2-CVE-2009-0413.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n)
@@ -48,6 +49,7 @@
%patch0 -p0
#%patch1 -p0
#%patch2 -p0
+%patch3 -p0
# fix permissions and remove any .htaccess files
find . -type f -print | xargs chmod a-x
@@ -135,6 +137,9 @@
%config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail
%changelog
+* Wed Feb 04 2009 Jon Ciesla <limb at jcomserv.net> = 0.2-7.stable
+- Patch for CVE-2009-0413, BZ 484052.
+
* Mon Jan 05 2009 Jon Ciesla <limb at jcomserv.net> = 0.2-6.stable
- New upstream.
- Dropped two most recent patches, applied upstream.
- Previous message: rpms/ochusha/devel ochusha-head-g++44.patch, NONE, 1.1 ochusha.spec, 1.93, 1.94
- Next message: rpms/libcroco/devel .cvsignore, 1.6, 1.7 libcroco.spec, 1.22, 1.23 sources, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list