Package: twiki
Version: 1:4.0.5-5
Severity: critical
Justification: breaks unrelated software
Tags: patch

Sven Dowideit wrote:
> it contains a fix for a bug I reported to bugs.debian.org about 6
> hours ago, but it's still not gotten a number ;(

It is not there yet... Did you use reportbug?
I am trying again here :)

> in case something went wrong with the bug submission I've appended it
> here
> 
> could you please take a peek for me some time :) I'll be away for the
> weekend

I sure will!

> Merry Christmas :)

You too!

> -----------------------------
> Package: twiki
> Version: 1:4.0.5-5
> Severity: critical
> Justification: breaks unrelated software
> 
> a possible phishing risk has been found in the ability of TWiki to
> redirect to any URL via the ?topic= parameter.
> 
> The following patch prevents this.
> 
> --- lib/TWiki.pm.orig   2006-10-25 02:16:05.000000000 +0200
> +++ lib/TWiki.pm        2006-12-21 16:52:23.000000000 +0100
> @@ -720,6 +720,19 @@
> 
>      ASSERT($this->isa( 'TWiki')) if DEBUG;
> 
> +    # prevent phishing byt only allowing redirect to configured host
> +    if( $url =~ m!^([^:]*://[^/]*)(/.*)?$! ) {
> +        my $host = $1;
> +        unless ($host eq $TWiki::cfg{DefaultUrlHost}) {
> +               $url = $this->getOopsUrl( 'accessdenied',
> +                                def => 'topic_access',
> +                                web => $this->{web} || $TWiki::cfg 
> {UsersWebName},
> +                                topic => $this->{topic} ||  
> $TWiki::cfg{HomeTopicName},
> +                                params => [ 'redirect', 'unsafe  
> redirect to '.$url ]);
> +        }
> +        #die 'unsafe redirect to '.$url unless ($host eq $TWiki::cfg 
> {DefaultUrlHost});
> +    }
> +
>      my $query = $this->{cgiQuery};
>      unless( $this->{plugins}->redirectCgiQueryHandler( $query,  
> $url ) ) {
>          if ( $query && $query->param( 'noredirect' )) {
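Review bot: the new check only runs when `$url` contains `://`, so a scheme-relative target such as `//other.example/...` never reaches the comparison and is passed on unchanged, although browsers resolve it to another host; the `//` prefix (and a `\\` variant) should be refused as well, or anything that does not start with a single `/` should be required to match `$TWiki::cfg{DefaultUrlHost}`. The `eq` comparison is also case-sensitive while hostnames are not, so `HTTP://Host/...` for the configured host is wrongly turned into an oops page; compare with `lc` on both sides. Before applying, drop the commented-out `#die 'unsafe redirect to '.$url ...` line, fix the `byt` typo in the comment, and note that the mailer has wrapped several hunk lines (e.g. `$TWiki::cfg` / `{UsersWebName}`), so the patch will not apply as pasted.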
> 
> 
> Sven Dowideit
> 
> -- System Information:
> Debian Release: 4.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.17-2-686
> Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
> 
> Versions of packages twiki depends on:
> ii  apache-common                 1.3.34-4   support files for all Apache webse
> ii  apache2.2-common              2.2.3-3.1  Next generation, scalable, extenda
> ii  debconf [debconf-2.0]         1.5.8      Debian configuration management sy
> ii  libalgorithm-diff-perl        1.19.01-2  a perl library for finding Longest
> ii  libcgi-session-perl           4.14-1     Persistent session data in CGI app
> ii  libdigest-sha1-perl           2.11-1     NIST SHA-1 message digest algorith
> ii  liberror-perl                 0.15-8     Perl module for error/exception ha
> ii  liblocale-maketext-lexicon-pe 0.62-1     Lexicon-handling backends for "Loc
> ii  libtext-diff-perl             0.35-2     Perform diffs on files and record
> ii  perl [libmime-base64-perl]    5.8.8-6.1  Larry Wall's Practical Extraction
> ii  perl-modules [libnet-perl]    5.8.8-6.1  Core Perl modules
> ii  rcs                           5.7-18     The GNU Revision Control System
> 
> twiki recommends no packages.

-- 
  ·''`.             If I can't dance to it, it's not my revolution
 : :' :                                            -- Emma Goldman
 `. `'           Proudly running Debian GNU/Linux (unstable)
   `-     www.amayita.com  www.malapecora.com  www.chicasduras.com
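The host comparison from the quoted patch, reworked as a stand-alone check that also refuses scheme-relative targets and compares the configured host case-insensitively; this is an added example, not TWiki's or the patch author's code, and the DefaultUrlHost value and the test URLs are constructed.

```perl
#!/usr/bin/perl
# Added example, not TWiki's code: a stricter redirect-target check in the
# spirit of the quoted patch. $TWiki::cfg{DefaultUrlHost} is the real TWiki
# setting; the value assigned here is a constructed stand-in.
use strict;
use warnings;

my %cfg = ( DefaultUrlHost => 'http://twiki.example.org' );   # constructed

# Returns 1 when $url may be redirected to, 0 when it must be refused.
sub is_safe_redirect {
    my ($url) = @_;
    return 0 unless defined $url;
    $url =~ s/^\s+//;                                   # ignore leading whitespace
    return 0 if $url =~ m{^[/\\]{2}};                   # "//host/.." is not site-local
    if ( $url =~ m{^([A-Za-z][A-Za-z0-9+.\-]*://[^/?#]*)} ) {
        my $origin = $1;                                # scheme://authority
        return 0 if $origin =~ /@/;                     # refuse user@host authorities
        # hostnames are case-insensitive; the patch's plain 'eq' is not
        return lc($origin) eq lc( $cfg{DefaultUrlHost} ) ? 1 : 0;
    }
    return 0 if $url =~ m{^[A-Za-z][A-Za-z0-9+.\-]*:};  # any other scheme
    return 1;                                           # plain site-relative path
}

# Constructed cases: expected verdict for each candidate redirect target
my @cases = (
    [ 'http://twiki.example.org/bin/view/Main/WebHome', 1 ],
    [ 'HTTP://TWIKI.EXAMPLE.ORG/bin/view/Main',         1 ],
    [ '/bin/view/Main/WebHome',                         1 ],
    [ 'Main/WebHome',                                   1 ],
    [ 'http://other.example/',                          0 ],
    [ '//other.example/',                               0 ],
    [ 'http://twiki.example.org@other.example/',        0 ],
    [ 'http://twiki.example.org.other.example/',        0 ],
);
for my $c (@cases) {
    my ( $url, $want ) = @$c;
    my $got = is_safe_redirect($url);
    die "mismatch for $url: got $got, wanted $want\n" unless $got == $want;
    printf "%-50s %s\n", $url, $got ? 'allowed' : 'refused';
}
```

A port in DefaultUrlHost (e.g. `:8080`) must appear in the target as well, since the whole `scheme://authority` string is compared.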
