[matt hope <[EMAIL PROTECTED]> - 22:17PM Saturday Jun 25]: > 5.x uses a new templating system, so this problem may have been solved > by this. In addition, the NEWS[2] entry for 4.2b.3 (13 August 2004) has the > following: > > > Bug fixes : > [..] > wwsympa/: wwsympa.fcgi: [reported by J.Koret] Fix an XSS vulnerability > > > According to bugtraq[1], this was reported by Jose Antonio > <joxeankoret () yahoo ! es> .. I suspect this is "J.Koret". If that is > correct, then this problem is fixed in 4.2b and above.
Diff from upstream is here: http://sourcesup.cru.fr/cgi/viewcvs.cgi/sympa/wwsympa/wwsympa.fcgi.diff?r1=1.431&r2=1.432&cvsroot=sympa This patch applies against the 4.1.5 source (with just offset changes). -- >dopey!debian.org <http://www.debian.org/>
diff -u sympa-4.1.5/debian/changelog sympa-4.1.5/debian/changelog
--- sympa-4.1.5/debian/changelog
+++ sympa-4.1.5/debian/changelog
@@ -1,3 +1,11 @@
+sympa (4.1.5-2.1) unstable; urgency=low
+
+ * NMU
+ * Fixed XSS [wwwsympa/wwsympa.fcgi, CAN-2004-1735]
+ Closes: Bug#298105
+
+ -- Matt Hope <[EMAIL PROTECTED]> Tue, 28 Jun 2005 14:07:45 +1000
+
 sympa (4.1.5-2) unstable; urgency=low
 
 * added /etc/mail to directory list (Closes: #298404, thanks to Massimo
only in patch2:
unchanged:
--- sympa-4.1.5.orig/wwsympa/wwsympa.fcgi
+++ sympa-4.1.5/wwsympa/wwsympa.fcgi
@@ -2408,6 +2408,10 @@
 &error_message('syntax_errors', {'argument' => 'filter'});
 &wwslog('err','do_search: syntax error');
 return undef;
+ }elsif ($in{'filter'} =~ /[<>\\\*\$]/) {
+ &error_message('syntax_errors', {'argument' => 'filter'});
+ &wwslog('err','do_search: syntax error');
+ return undef;
 }
 
 ## May review
@@ -4435,6 +4439,10 @@
 &error_message('may_not');
 &wwslog('info','do_arcsearch_id: access denied for %s', $param->{'user'}{'email'});
 return undef;
+ }elsif ($in{'key_word'} =~ /[<>\\\*\$]/) {
+ &error_message('syntax_errors', {'argument' => 'key_word'});
+ &wwslog('info','do_arcsearch: syntax error');
+ return undef;
 }
 
 use Marc::Search;
@@ -5637,6 +5645,10 @@
 &error_message('config_changed', {'email' => $list->{'admin'}{'update'}{'email'}});
 &wwslog('info','do_edit_list: Config file has been modified(%d => %d) by %s. Cannot apply changes', $in{'single_param.serial'}, $list->{'admin'}{'serial'}, $list->{'admin'}{'update'}{'email'});
 return undef;
+ }elsif ($in{'filter'} =~ /[<>\\\*\$]/) {
+ &error_message('syntax_errors', {'argument' => 'filter'});
+ &wwslog('err','do_search_list: syntax error');
+ return undef;
 }
 
 ## Check changes & check syntax
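Review bot: The guard added to the do_search branch rejects only `<`, `>`, `\`, `*` and `$`, so a double or single quote in `filter` still passes; if the page reflects the value inside an HTML attribute, that is enough to leave the attribute. The same character class is reused for `key_word`, `filter` and `email` in the three later hunks. A deny-list on input is a stop-gap: the durable fix is HTML-encoding these parameters where the page is rendered, and until that is in place the class should at least cover quotes, e.g. `}elsif ($in{'filter'} =~ /[<>\\\*\$"']/) {`. The enclosing if/elsif chain starts outside the hunk, so what else is checked before this branch cannot be seen here.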
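Review bot: The new `key_word` guard logs `do_arcsearch: syntax error`, but the context line directly above it logs `do_arcsearch_id: access denied`, which suggests the branch was attached to a different handler from the one it was written for. The same mismatch appears in the next two hunks: the `filter` guard that logs `do_search_list` follows a `do_edit_list` message, and the `email` guard that logs `do_search_user` follows a `do_update_translation` message. Because the upstream patch was applied with offsets, each guard should be checked against the 4.1.5 source to confirm it sits in the handler that actually reads and echoes that parameter; if it does not, the original search actions remain unfiltered and the changelog entry overstates the fix. The function boundaries are outside the hunks, so this is inferred from the log strings only.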
@@ -9742,6 +9754,10 @@
 &error_message('missing_arg', {'argument' => 'lang'});
 &wwslog('info','do_update_translation: no lang');
 return undef;
+ }elsif ($in{'email'} =~ /[<>\\\*\$]/) {
+ &error_message('syntax_errors', {'argument' => 'email'});
+ &wwslog('err','do_search_user: syntax error');
+ return undef;
 }
 
 ## Load full index