Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
Hi, The version of sympa in oldstable is affected by a bug which permit to one user to crash or trigger an endless loop in the fastcgi process running the sympa web interface (wwsympa). See #654622 DSA asked me to upload a fix for this bug in oldstable-proposed-updates (I hope it's not too late for the next point release). Attached is the debdiff. Regards, M. -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
diff -Nru sympa-6.0.1+dfsg/debian/changelog sympa-6.0.1+dfsg/debian/changelog --- sympa-6.0.1+dfsg/debian/changelog 2012-05-20 14:04:58.000000000 +0000 +++ sympa-6.0.1+dfsg/debian/changelog 2013-10-03 12:39:39.000000000 +0000 @@ -1,3 +1,10 @@ +sympa (6.0.1+dfsg-4+squeeze2) oldstable-proposed-updates; urgency=low + + * Fix endless loop in wwsympa while loading session data including + metacharacters like regexp symbols (Closes: #654622) + + -- Emmanuel Bouthenot <kol...@debian.org> Thu, 03 Oct 2013 18:32:59 +0000 + sympa (6.0.1+dfsg-4+squeeze1) stable-security; urgency=high * Fix CVE-2012-2352: Possibility to bypass the authorization mechanisms in diff -Nru sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch --- sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch 1970-01-01 00:00:00.000000000 +0000 +++ sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch 2013-10-03 14:25:35.000000000 +0000 @@ -0,0 +1,34 @@ +Description: Fix endless loop in wwsympa while loading session data + including metacharacters like regexp symbols (Closes: #654622) +Author: Hatuka*nezumi - IKEDA Soji <hat...@nezumi.nu> +Origin: upstream, https://sourcesup.renater.fr/scm/viewvc.php?view=revision&root=sympa&revision=6323 +Bug-Debian: http://bug.debian.org/654622 +Last-Update: 2013-10-03 +--- a/src/lib/tools.pm ++++ b/src/lib/tools.pm +@@ -3229,9 +3229,11 @@ + my $data = shift; + my %hash ; + +- while ($data =~ /^(\;?(\w+)\=\"([^\"]*)\")/) { +- $hash{$2} = $3; +- $data =~ s/$1// ; ++ pos($data) = 0; ++ while ($data =~ /\G;?(\w+)\=\"((\\[\"\\]|[^\"])*)\"(?=(;|\z))/g) { ++ my ($var, $val) = ($1, $2); ++ $val =~ s/\\([\"\\])/$1/g; ++ $hash{$var} = $val; + } + + return (%hash); +@@ -3246,7 +3248,9 @@ + my $data_string ; + foreach my $var (keys %$refhash ) { + next unless ($var); +- $data_string .= ';'.$var.'="'.$refhash->{$var}.'"'; ++ my $val = $refhash->{$var}; ++ $val =~ s/([\"\\])/\\$1/g; ++ $data_string .= ';'.$var.'="'.$val.'"'; + } + return ($data_string); + } diff -Nru sympa-6.0.1+dfsg/debian/patches/series sympa-6.0.1+dfsg/debian/patches/series --- sympa-6.0.1+dfsg/debian/patches/series 2012-05-20 14:04:58.000000000 +0000 +++ sympa-6.0.1+dfsg/debian/patches/series 2013-10-03 12:43:25.000000000 +0000 @@ -1,3 +1,4 @@ +0001_fix_session_with_metachars.patch 1001_sympa.pl_add_prepare_db_option.patch 1004_wizard_support_batch_and_display_mode.patch 1005_wizard_emit_cmd_and_newline_when_dying.patch