Hi, this time it's the right bug number. I intend to 0-day NMU this bug. I attached a patch for the NMU which fixes the XSS vulnerability. It will be also archived on: http://people.debian.org/~nion/nmu-diff/egroupware-phpsysinfo-1.2.107-2.dfsg-1-1.2.107-2.dfsg-1.1.patch
Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u egroupware-1.2.107-2.dfsg/debian/patches/00list egroupware-1.2.107-2.dfsg/debian/patches/00list
--- egroupware-1.2.107-2.dfsg/debian/patches/00list
+++ egroupware-1.2.107-2.dfsg/debian/patches/00list
@@ -1,3 +1,4 @@
+01_fix-CVE-2007-4048
04-egw-ldap-doc
06-egw-header-template
08-egw-checkinstall-symlink
diff -u egroupware-1.2.107-2.dfsg/debian/changelog egroupware-1.2.107-2.dfsg/debian/changelog
--- egroupware-1.2.107-2.dfsg/debian/changelog
+++ egroupware-1.2.107-2.dfsg/debian/changelog
@@ -1,3 +1,11 @@
+egroupware (1.2.107-2.dfsg-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team.
+ * Included 01_fix-CVE-2007-4048.dpatch to fix XSS vulnerability in
+ system_footer.php (CVE-2007-4048) (Closes: #435937).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Mon, 03 Sep 2007 12:39:01 +0200
+
egroupware (1.2.107-2.dfsg-1) unstable; urgency=high
* New upstream release (closes: #429208) (CVE-2007-3155)
only in patch2:
unchanged:
--- egroupware-1.2.107-2.dfsg.orig/debian/patches/01_fix-CVE-2007-4048.dpatch
+++ egroupware-1.2.107-2.dfsg/debian/patches/01_fix-CVE-2007-4048.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 01_fix-CVE-2007-4048.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad egroupware-1.2.107-2.dfsg~/phpsysinfo/includes/system_footer.php egroupware-1.2.107-2.dfsg/phpsysinfo/includes/system_footer.php
+--- egroupware-1.2.107-2.dfsg~/phpsysinfo/includes/system_footer.php 2007-06-05 17:22:18.000000000 +0200
++++ egroupware-1.2.107-2.dfsg/phpsysinfo/includes/system_footer.php 2007-09-03 12:38:34.000000000 +0200
+@@ -28,7 +28,7 @@
+ if (!$hide_picklist) {
+ echo "<center>";
+
+- $update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "\t" . $text['template'] . ": \n" . "\t<select name=\"template\">\n";
++ $update_form = "<form method=\"POST\" action=\"" . htmlentities($_SERVER['PHP_SELF']) . "\">\n" . "\t" . $text['template'] . ": \n" . "\t<select name=\"template\">\n";
+
+ $dir = opendir(APP_ROOT . '/templates/');
+ while (false !== ($file = readdir($dir))) {
pgptytRxskjpb.pgp
Description: PGP signature
