[ocsinventory/f19] XSS security fix for CVE-2014-4722
Remi Collet
remi at fedoraproject.org
Wed Jul 9 10:52:51 UTC 2014
commit ecc8169045598d16dba55e927b7711f9430a35aa
Author: Remi Collet <remi at fedoraproject.org>
Date: Wed Jul 9 12:53:05 2014 +0200
XSS security fix for CVE-2014-4722
ocsinventory-CVE-2014-4722.patch | 15 +++++++++++++++
ocsinventory.spec | 9 ++++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/ocsinventory-CVE-2014-4722.patch b/ocsinventory-CVE-2014-4722.patch
new file mode 100644
index 0000000..c98b172
--- /dev/null
+++ b/ocsinventory-CVE-2014-4722.patch
@@ -0,0 +1,15 @@
+http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/834
+
+=== modified file 'require/function_table_html.php'
+--- ocsreports/require/function_table_html.php 2012-10-31 15:26:41 +0000
++++ ocsreports/require/function_table_html.php 2014-06-19 16:05:03 +0000
+@@ -1429,7 +1429,7 @@
+ if ($key == "STAT" or $key == "SUP" or $key == "CHECK"){
+ $key2 = "NULL";
+ }else{
+- $data[$i][$num_col]=$value_of_field;
++ $data[$i][$num_col]=htmlspecialchars($value_of_field, ENT_QUOTES);
+ $affich="KO";
+ }
+ }
+
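Review bot: The added `htmlspecialchars($value_of_field, ENT_QUOTES)` on the `+` line omits the charset argument, so what it treats as a malformed sequence depends on the PHP version's default (ISO-8859-1 before PHP 5.4, UTF-8 from 5.4 on); pass it explicitly as `htmlspecialchars($value_of_field, ENT_QUOTES, 'UTF-8')` (or whatever charset the ocsreports pages are actually served with) so the escaping behaves the same on every PHP the package is built against. The enclosing function in function_table_html.php starts and ends outside this hunk, so whether other assignments into `$data` in the same loop are also escaped cannot be confirmed from here and is worth checking against upstream revision 834. The `ocsreports/` prefix in the nested patch headers is consistent with the `-p0` the spec uses to apply it.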
diff --git a/ocsinventory.spec b/ocsinventory.spec
index ae1dba1..70352df 100644
--- a/ocsinventory.spec
+++ b/ocsinventory.spec
@@ -8,7 +8,7 @@ Name: ocsinventory
Summary: Open Computer and Software Inventory Next Generation
Version: 2.0.5
-Release: 5%{?dist}
+Release: 8%{?dist}
Group: Applications/Internet
License: GPLv2
@@ -21,6 +21,9 @@ Source1: ocsinventory-reports.conf
# Fix for httpd 2.4 (for new authz_core)
Patch0: ocsng-httpd24.patch
+# Security fix
+Patch1: %{name}-CVE-2014-4722.patch
+
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: perl(ExtUtils::MakeMaker)
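Review bot: The new `# Security fix` comment above `Patch1` does not say which issue the patch addresses or where it comes from, while the neighbouring `Patch0` comment does explain its purpose; a maintainer reading the spec later has to open the patch file to find out. Suggest `# Security fix for CVE-2014-4722 (XSS in ocsreports function_table_html.php, upstream stable-2.0 r834)` so the CVE and upstream origin are visible at the declaration.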
@@ -123,6 +126,7 @@ navigateur favori.
%setup -q -n %{tarname}-%{version}
%patch0 -p0
+%patch1 -p0
chmod -x binutils/ocs-errors
@@ -306,6 +310,9 @@ fi
%changelog
+* Wed Jul 09 2014 Remi Collet <remi at fedoraproject.org> - 2.0.5-8
+- XSS security fix for CVE-2014-4722
+
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild