[matt hope <[EMAIL PROTECTED]> - 22:17PM Saturday Jun 25]:

> 5.x uses a new templating system, so this problem may have been solved
> by this. In addition, the NEWS[2] entry for 4.2b.3 (13 August 2004) has the 
> following:
> 
> 
>    Bug fixes :
> [..]
>         wwsympa/: wwsympa.fcgi: [reported by J.Koret] Fix an XSS vulnerability
> 
> 
> According to bugtraq[1], this was reported by Jose Antonio
> <joxeankoret () yahoo ! es> .. I suspect this is "J.Koret". If that is
> correct, then this problem is fixed in 4.2b and above.

Diff from upstream is here:

http://sourcesup.cru.fr/cgi/viewcvs.cgi/sympa/wwsympa/wwsympa.fcgi.diff?r1=1.431&r2=1.432&cvsroot=sympa

This patch applies against the 4.1.5 source (with just offset changes).


-- 
 >dopey!debian.org
 <http://www.debian.org/>
diff -u sympa-4.1.5/debian/changelog sympa-4.1.5/debian/changelog
--- sympa-4.1.5/debian/changelog
+++ sympa-4.1.5/debian/changelog
@@ -1,3 +1,11 @@
+sympa (4.1.5-2.1) unstable; urgency=low
+
+  * NMU
+  * Fixed XSS [wwwsympa/wwsympa.fcgi, CAN-2004-1735]
+    Closes: Bug#298105
+
+ -- Matt Hope <[EMAIL PROTECTED]>  Tue, 28 Jun 2005 14:07:45 +1000
+
 sympa (4.1.5-2) unstable; urgency=low
   
   * added /etc/mail to directory list (Closes: #298404, thanks to Massimo
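Review bot: The changelog entry gives the path as wwwsympa/wwsympa.fcgi (three w's), while the file patched below is wwsympa/wwsympa.fcgi; correct the directory name so the entry can be matched to the file it describes. urgency=low is also worth reconsidering for an upload whose only change is the fix for CAN-2004-1735.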
only in patch2:
unchanged:
--- sympa-4.1.5.orig/wwsympa/wwsympa.fcgi
+++ sympa-4.1.5/wwsympa/wwsympa.fcgi
@@ -2408,6 +2408,10 @@
         &error_message('syntax_errors', {'argument' => 'filter'});
         &wwslog('err','do_search: syntax error');
         return undef;
+     }elsif ($in{'filter'} =~ /[<>\\\*\$]/) {
+        &error_message('syntax_errors', {'argument' => 'filter'});
+        &wwslog('err','do_search: syntax error');
+        return undef;
      }
 
      ## May review
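Review bot: The added elsif in do_search relies on the denylist /[<>\\\*\$]/, which does not include either quote character or &, so a filter value written into an HTML attribute would pass this check unchanged. HTML-escaping the value at the point where it is written into the page covers every output context; if the input check is kept, an allowlist of the characters a search filter legitimately needs is easier to audit. The same pattern is copied into all four hunks and would be better held in one shared variable or helper.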
@@ -4435,6 +4439,10 @@
         &error_message('may_not');
         &wwslog('info','do_arcsearch_id: access denied for %s', 
$param->{'user'}{'email'});
         return undef;
+     }elsif ($in{'key_word'} =~ /[<>\\\*\$]/) {
+        &error_message('syntax_errors', {'argument' => 'key_word'});
+        &wwslog('info','do_arcsearch: syntax error');
+        return undef;
      }
 
      use Marc::Search;
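Review bot: The added key_word check logs 'do_arcsearch: syntax error', but the context line directly above it logs 'do_arcsearch_id: access denied', so after the offset adjustment this branch appears to sit in do_arcsearch_id rather than do_arcsearch. Please compare against the upstream 1.431 to 1.432 diff to confirm which function it belongs in; if it landed in the wrong one, the key_word check is missing from the function it was written for. It also logs at 'info' where the other three added checks use 'err'.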
@@ -5637,6 +5645,10 @@
         &error_message('config_changed', {'email' => 
$list->{'admin'}{'update'}{'email'}});
         &wwslog('info','do_edit_list: Config file has been modified(%d => %d) 
by %s. Cannot apply changes', $in{'single_param.serial'}, 
$list->{'admin'}{'serial'}, $list->{'admin'}{'update'}{'email'});
         return undef;
+     }elsif ($in{'filter'} =~ /[<>\\\*\$]/) {
+        &error_message('syntax_errors', {'argument' => 'filter'});
+        &wwslog('err','do_search_list: syntax error');
+        return undef;
      }
 
      ## Check changes & check syntax
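Review bot: The added filter check logs 'do_search_list: syntax error', yet the surrounding context is the 'do_edit_list: Config file has been modified' branch, so this elsif appears to have been applied inside do_edit_list. Confirm the placement against the upstream diff: in do_edit_list a filter test guards nothing relevant to the config-serial check it is chained to, and do_search_list would be left without the validation.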
@@ -9742,6 +9754,10 @@
         &error_message('missing_arg', {'argument' => 'lang'});
         &wwslog('info','do_update_translation: no lang');
         return undef;
+     }elsif ($in{'email'} =~ /[<>\\\*\$]/) {
+        &error_message('syntax_errors', {'argument' => 'email'});
+        &wwslog('err','do_search_user: syntax error');
+        return undef;
      }
 
      ## Load full index
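Review bot: The added email check logs 'do_search_user: syntax error', but the context lines belong to do_update_translation ('missing_arg' for 'lang'), so this elsif appears to be chained to the wrong condition in the wrong function. Please verify the target location against the upstream diff and move the check into do_search_user if that is where upstream placed it, so the email parameter is validated on the path that actually uses it.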
