rpms/mlmmj/devel patch-mlmmj-php-admin-dirtravfix.diff, NONE, 1.1 mlmmj.spec, 1.36, 1.37
Michael Fleming
mfleming at fedoraproject.org
Sun Jun 27 11:38:01 UTC 2010
Author: mfleming
Update of /cvs/pkgs/rpms/mlmmj/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv15329
Modified Files:
mlmmj.spec
Added Files:
patch-mlmmj-php-admin-dirtravfix.diff
Log Message:
* Sun Jun 27 2010 Michael Fleming <mfleming+rpm at thatfleminggent.com> - 1.2.17-2
- Fix for CVE-2009-4896 (lack of input validation in php-admin contrib scripts)
patch-mlmmj-php-admin-dirtravfix.diff:
edit.php | 9 +++++++++
save.php | 9 +++++++++
2 files changed, 18 insertions(+)
--- NEW FILE patch-mlmmj-php-admin-dirtravfix.diff ---
diff -urN orig-mlmmj/contrib/web/php-admin/htdocs/edit.php mlmmj/contrib/web/php-admin/htdocs/edit.php
--- orig-mlmmj/contrib/web/php-admin/htdocs/edit.php 2005-05-09 16:36:09.000000000 +0200
+++ mlmmj/contrib/web/php-admin/htdocs/edit.php 2010-06-26 10:33:17.075405396 +0200
@@ -104,6 +104,15 @@
if(!isset($list))
die("no list specified");
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
if(!is_dir($topdir."/".$list))
die("non-existent list");
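Review bot: An empty list name still gets through all three added checks: `isset($list)` on L24 is true for `""`, none of the new tests reject it, and `is_dir($topdir."/".$list)` on L35 is then true for `$topdir` itself, so the script carries on treating the top-level directory as if it were a list. Add `if ($list === "") die("empty list name");` next to the dot checks, or fold the four conditions into one: `if ($list === "" || $list === "." || $list === ".." || strchr($list, "/") !== false) die("invalid list name");`. A positive allow-list such as `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $list)) die("invalid list name");` would cover all of these in a single line, provided mlmmj list names are really restricted to that character set, which should be confirmed before switching. No assignment to `$list` is visible in the hunk, so it is presumably request-supplied under register_globals; these checks are top-level script statements, not inside a function.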
diff -urN orig-mlmmj/contrib/web/php-admin/htdocs/save.php mlmmj/contrib/web/php-admin/htdocs/save.php
--- orig-mlmmj/contrib/web/php-admin/htdocs/save.php 2005-05-09 16:36:09.000000000 +0200
+++ mlmmj/contrib/web/php-admin/htdocs/save.php 2010-06-26 10:33:31.295405214 +0200
@@ -79,6 +79,15 @@
if(!isset($list))
die("no list specified");
+if (strchr($list, "/") !== false)
+die("slash in list name");
+
+if ($list == ".")
+die("list name is dot");
+
+if ($list == "..")
+die("list name is dot-dot");
+
if(!is_dir($topdir."/".$list))
die("non-existent list");
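Review bot: This validation block is a verbatim copy of the one added to edit.php, and duplicated security checks tend to drift when one copy is later tightened and the other is not; move it into a shared helper in a common include (the hunk does not show whether such an include already exists), e.g. `function check_list_name($list) { if ($list === "" || $list === "." || $list === ".." || strchr($list, "/") !== false) die("invalid list name"); }`, and call `check_list_name($list);` from both scripts. That version also closes a gap the copied checks leave open: `isset` on L41 accepts `""`, none of the three added tests reject it, and `is_dir($topdir."/")` on L52 is true for the top directory itself. As in edit.php these are top-level statements, not part of a function.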
Index: mlmmj.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mlmmj/devel/mlmmj.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- mlmmj.spec 13 Feb 2010 11:09:00 -0000 1.36
+++ mlmmj.spec 27 Jun 2010 11:38:01 -0000 1.37
@@ -3,11 +3,12 @@
Summary: Mailserver-independent ezmlm-like mailing list manager
Name: mlmmj
Version: 1.2.17
-Release: 1%{?dist}
+Release: 2%{?dist}
License: MIT
Group: Applications/Internet
URL: http://www.mlmmj.org/
Source: http://mlmmj.mmj.dk/files/mlmmj-%{version}.tar.bz2
+Patch: patch-mlmmj-php-admin-dirtravfix.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: server(smtp)
@@ -20,6 +21,7 @@ license and mailserver independence.
%prep
%setup -q
+%patch -p1 -b .dirtravfix
%build
%configure --enable-recieve-strip
@@ -48,6 +50,9 @@ rm -rf %{buildroot}
%{_mandir}/man1/mlmmj-*
%changelog
+* Sun Jun 27 2010 Michael Fleming <mfleming+rpm at thatfleminggent.com> - 1.2.17-2
+- Fix for CVE-2009-4896 (lack of input validation in php-admin contrib scripts)
+
* Sat Feb 13 2010 Michael Fleming <mfleming+rpm at thatfleminggent.com> - 1.2.17-1
- 1.2.17 (many fixes and improvements)