[WebCalendar/f17] * Fri Feb 17 2012 Patrick Monnerat <pm at datasphere.ch> 1.2.4-3 - Patch "cve2012_0846" fixes CVE-2012-
Patrick Monnerat
monnerat at fedoraproject.org
Fri Feb 17 13:00:23 UTC 2012
commit 17d96c82298c4d19b01afc3a5dcbd4c6bc4d82c6
Author: Patrick Monnerat <pm at datasphere.ch>
Date: Fri Feb 17 14:00:14 2012 +0100
* Fri Feb 17 2012 Patrick Monnerat <pm at datasphere.ch> 1.2.4-3
- Patch "cve2012_0846" fixes CVE-2012-0846 and some other XSS vulnerabilities.
http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870
WebCalendar-1.2.4-cve2012_0846.patch | 70 ++++++++++++++++++++++++++++++++++
WebCalendar.spec | 12 ++++-
2 files changed, 79 insertions(+), 3 deletions(-)
---
diff --git a/WebCalendar-1.2.4-cve2012_0846.patch b/WebCalendar-1.2.4-cve2012_0846.patch
new file mode 100644
index 0000000..3a346ee
--- /dev/null
+++ b/WebCalendar-1.2.4-cve2012_0846.patch
@@ -0,0 +1,70 @@
+diff -Naur WebCalendar-1.2.4.orig/edit_entry_handler.php WebCalendar-1.2.4.new/edit_entry_handler.php
+--- WebCalendar-1.2.4.orig/edit_entry_handler.php 2012-02-17 11:09:49.523345221 +0100
++++ WebCalendar-1.2.4.new/edit_entry_handler.php 2012-02-17 12:50:59.541471469 +0100
+@@ -152,16 +152,19 @@
+ $location = strip_tags ( $location );
+ }
+
+-// Don't allow certain HTML tags in description.
++// Don't allow certain HTML tags in name, description and location.
+ // Malicious users can use meta refresh to redirect users to another
+ // site (possibly a malware site). This could be form a public submission
+ // on an event calendar, and the admin gets sent to the malware site when
+ // viewing the event to approve/reject it.
+ $bannedTags = array ( 'HTML', 'HEAD', 'TITLE', 'BODY',
+ 'SCRIPT', 'META', 'LINK', 'OBJECT', 'APPLET' );
+-for ( $i = 0; $i < count ( $bannedTags ); $i++ ) {
+- if ( preg_match ( "/<\s*$bannedTags[$i]/i", $description ) ) {
+- $error = translate('Security violation!');
++foreach (array($name, $description, $location) as $chkfld) {
++ for ( $i = 0; $i < count ( $bannedTags ); $i++ ) {
++ if ( preg_match ( "/<\s*$bannedTags[$i]/i", $chkfld ) ) {
++ $error = translate('Security violation!');
++ break 2;
++ }
+ }
+ }
+
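Review bot: the check on $chkfld is a denylist of nine tag names, so markup that does not start with one of them (an <iframe, <embed or <form element, or an event-handler attribute on a tag that is permitted) passes through unchanged; treat this filter as defence in depth and keep the real fix at output time, as the view_entry.php changes below do. The `break 2` on the first hit is fine, but translate('Security violation!') no longer tells the user which of name, description or location was rejected now that three fields are checked; consider adding the field name to the message.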
+diff -Naur WebCalendar-1.2.4.orig/view_entry.php WebCalendar-1.2.4.new/view_entry.php
+--- WebCalendar-1.2.4.orig/view_entry.php 2012-02-17 11:09:49.466347759 +0100
++++ WebCalendar-1.2.4.new/view_entry.php 2012-02-17 12:41:58.190467151 +0100
+@@ -421,7 +421,7 @@
+ </tr>' : '' ) . ( $DISABLE_URL_FIELD != 'Y' && ! empty ( $url ) ? '
+ <tr>
+ <td class="aligntop bold">' . translate ( 'URL' ) . ':</td>
+- <td>' . activate_urls ( $url ) . '</td>
++ <td>' . activate_urls(htmlspecialchars($url)) . '</td>
+ </tr>' : '' );
+
+ if ( $event_status != 'A' && ! empty ( $event_status ) ) {
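Review bot: htmlspecialchars($url) is called with PHP's defaults, which leave single quotes unencoded (ENT_COMPAT) and, on PHP before 5.4, assume ISO-8859-1; if activate_urls() builds a single-quoted href the attribute can still be broken out of, so pass the flags explicitly, e.g. `activate_urls(htmlspecialchars($url, ENT_QUOTES, 'UTF-8'))`. Whether activate_urls() restricts the link scheme is not visible in this hunk and should be confirmed separately, because entity encoding alone does not make an arbitrary scheme safe to link.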
+@@ -685,10 +685,10 @@
+ <td width="30%">';
+ if ( strlen ( $tempemail ) && $can_email != 'N' ) {
+ echo '<a href="mailto:' . $tempemail . '?subject=' . $subject
+- . '"> ' . $tempfullname . '</a>';
++ . '"> ' . htmlspecialchars($tempfullname) . '</a>';
+ $allmails[] = $tempemail;
+ } else
+- echo ' ' . $tempfullname;
++ echo ' ' . htmlspecialchars($tempfullname);
+
+ echo '</td>
+ <td width="5%" align="center">' . $percentage . '%</td>
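Review bot: only $tempfullname is escaped in this hunk; $tempemail and $subject are still concatenated raw into the double-quoted mailto href two lines above, and $percentage is echoed unescaped below, so either apply htmlspecialchars (with ENT_QUOTES, since the value sits inside an attribute) to those as well or document why they are already trusted at this point.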
+@@ -711,7 +711,7 @@
+ ';
+ if ( strlen ( $tempemail ) > 0 && $can_email != 'N' ) {
+ echo '<a href="mailto:' . $tempemail . '?subject=' . $subject . '">'
+- . $tempfullname . '</a>';
++ . htmlspecialchars($tempfullname) . '</a>';
+ $allmails[] = $tempemail;
+ } else
+ echo $tempfullname;
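Review bot: the else branch `echo $tempfullname;` is left unescaped here, while the equivalent else branch in the hunk at line 685 was changed to htmlspecialchars($tempfullname); both code paths print the same value in the same context, so this looks like an omission and should get the same treatment.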
+@@ -727,7 +727,7 @@
+ for ( $i = 0, $cnt = count ( $ext_users ); $i < $cnt; $i++ ) {
+ if ( ! empty ( $ext_users[$i] ) ) {
+ echo '
+- ' . $ext_users[$i] . ' (' . $externUserStr . ')<br />';
++ ' . htmlspecialchars($ext_users[$i]) . ' (' . $externUserStr . ')<br />';
+ if ( preg_match ( '/mailto: (\S+)"/', $ext_users[$i], $match ) )
+ $allmails[] = $match[1];
+ }
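Review bot: wrapping $ext_users[$i] in htmlspecialchars() is the right direction, but the preg_match on the following line expects the same string to contain a literal `mailto: (\S+)"`, which suggests entries may already carry anchor markup; if they do, this change renders that markup as visible text instead of a link. Confirm what $ext_users holds and, if it is pre-built HTML, escape the name and address before the anchor is assembled rather than escaping the finished string.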
diff --git a/WebCalendar.spec b/WebCalendar.spec
index f4a7fb4..f8d2a2a 100644
--- a/WebCalendar.spec
+++ b/WebCalendar.spec
@@ -20,7 +20,7 @@
Name: WebCalendar
Summary: Single/multi-user web-based calendar application
Version: 1.2.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: Applications/Internet
Source0: WebCalendar-%{version}-clean.tar.gz
@@ -46,6 +46,7 @@ Patch15: WebCalendar-1.2.3-authsettings.patch
Patch16: WebCalendar-1.2.3-etp.patch
Patch17: WebCalendar-1.2.3-canadd.patch
Patch18: WebCalendar-1.2.4-cve2011_3814.patch
+Patch19: WebCalendar-1.2.4-cve2012_0846.patch
URL: http://www.k5n.us/webcalendar.php
Requires: webserver
Requires: php >= 4.1.0
@@ -117,6 +118,7 @@ rm -rf includes/classes/captcha
%patch16 -p 1
%patch17 -p 1
%patch18 -p 1
+%patch19 -p 1
#-------------------------------------------------------------------------------
@@ -260,11 +262,15 @@ rm -rf "${RPM_BUILD_ROOT}"
#-------------------------------------------------------------------------------
%changelog
+#-------------------------------------------------------------------------------
+
+* Fri Feb 17 2012 Patrick Monnerat <pm at datasphere.ch> 1.2.4-3
+- Patch "cve2012_0846" fixes CVE-2012-0846 and some other XSS vulnerabilities.
+ http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870
+
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-#-------------------------------------------------------------------------------
-
* Tue Oct 11 2011 Patrick Monnerat <pm at datasphere.ch> 1.2.4-1
- New upstream release.
- Patch "cve2011_3814" to fix CVE-2011-3814 vulnerability.