Dear Release Team,

I'd like to ask you to unblock libphp-snoopy/1.2.4-1 for Lenny.
While it is a new upstream release with a quite big diff, the only
relevant code change is the fix for CVE-2008-4796 in Snoopy.class.php:

@@ -1012,8 +1006,7 @@
                
                $headerfile = tempnam($temp_dir, "sno");
 
-               $safer_URI = strtr( $URI, "\"", " " ); // strip quotes from the 
URI to avoid shell access
-               exec($this->curl_path." -D \"$headerfile\"".$cmdline_params." 
\"".$safer_URI."\"",$results,$return);
+               exec($this->curl_path." -k -D 
\"$headerfile\"".$cmdline_params." 
\"".escapeshellcmd($URI)."\"",$results,$return);
                
                if($return)
                {
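Review bot: The replacement in this hunk, `escapeshellcmd($URI)` placed inside a `\"...\"` pair, is a weaker choice than `escapeshellarg($URI)` for a single argument: escapeshellcmd escapes shell metacharacters but leaves paired quotes untouched, so a URI that contains a balanced pair of double quotes can still terminate the quoted argument and hand extra options to curl. Using `escapeshellarg($URI)` (and dropping the hand-written surrounding quotes) would quote the value as exactly one argument regardless of its content. The same hunk also adds `-k` to the curl command line, which disables TLS certificate verification; that is a behavioural change unrelated to the CVE fix and deserves to be mentioned and justified in the unblock request.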

The rest are documentation changes from upstream plus some minor
packaging cleanup from the maintainer (Standards-Version, Vcs-* headers etc).
These should not hurt anyone.
Having 1.2.4-1 in Lenny would allow wordpress to depend on it, fixing a
security bug (#504234 - wordpress includes a copy of the vulnerable snoopy
version).

Kind regards
Evgeni Golov

Attachment: pgpXty1UG3RAm.pgp
Description: PGP signature
