Re: Adam D. Barratt 2012-04-04 
<[email protected]>
> I'd like to see a full debdiff for final confirmation but based on the
> commit link above it looks suitable; thanks for working on fixing this
> issue in stable.

diff -Nru phppgadmin-4.2.3/debian/changelog phppgadmin-4.2.3/debian/changelog
--- phppgadmin-4.2.3/debian/changelog   2011-10-26 21:53:31.000000000 +0200
+++ phppgadmin-4.2.3/debian/changelog   2012-03-27 12:33:25.000000000 +0200
@@ -1,3 +1,9 @@
+phppgadmin (4.2.3-1.1squeeze2) stable-security; urgency=low
+
+  * Cherry-pick from 5.0.4: Fix XSS in function.php, reported by Mateusz Goik.
+
+ -- Christoph Berg <[email protected]>  Tue, 27 Mar 2012 12:32:43 +0200
+
 phppgadmin (4.2.3-1.1squeeze1) stable-security; urgency=high
 
   * Fix CVE-2011-3598 (XSS).
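Review bot: the changelog entry names function.php, but the patch added by this debdiff is against functions.php (the new patch file opens with "--- a/functions.php"); correct the filename so the entry matches the file actually changed. Unlike the squeeze1 entry directly below it, which cites CVE-2011-3598, this entry gives neither an identifier nor the upstream commit it was cherry-picked from; if an identifier has been assigned, cite it here, and otherwise name the 5.0.4 commit, so the entry can be matched to the issue it fixes.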
diff -Nru phppgadmin-4.2.3/debian/patches/series 
phppgadmin-4.2.3/debian/patches/series
--- phppgadmin-4.2.3/debian/patches/series      2011-10-10 10:22:47.000000000 
+0200
+++ phppgadmin-4.2.3/debian/patches/series      2012-03-27 12:32:11.000000000 
+0200
@@ -2,3 +2,4 @@
 localhost.patch
 php5.3-reference-value-fix.patch
 CVE-2011-3598
+xss-function.php
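Review bot: the new patch is listed as xss-function.php, but it modifies functions.php, not function.php; rename it (for example xss-functions.php, or after the identifier or upstream commit, as with the CVE-2011-3598 entry above it) so that the patch name, the changelog entry and the file touched all agree.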
diff -Nru phppgadmin-4.2.3/debian/patches/xss-function.php 
phppgadmin-4.2.3/debian/patches/xss-function.php
--- phppgadmin-4.2.3/debian/patches/xss-function.php    1970-01-01 
01:00:00.000000000 +0100
+++ phppgadmin-4.2.3/debian/patches/xss-function.php    2012-03-27 
12:32:39.000000000 +0200
@@ -0,0 +1,17 @@
+--- a/functions.php
++++ b/functions.php
+@@ -771,14 +771,12 @@
+                       'function' => array(
+                               'title' => $lang['strfunction'],
+                               'field' => field('proproto'),
+-                              'type'  => 'verbatim',
+                               'url'   => 
"redirect.php?subject=function&amp;action=properties&amp;{$misc->href}&amp;",
+                               'vars'  => array('function' => 'proproto', 
'function_oid' => 'prooid'),
+                       ),
+                       'returns' => array(
+                               'title' => $lang['strreturns'],
+                               'field' => field('proreturns'),
+-                              'type'  => 'verbatim',
+                       ),
+                       'owner' => array(
+                               'title' => $lang['strowner'],
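Review bot: the patch carries no DEP-3 header, so nothing in debian/patches records where these two removed lines came from or what they fix; add Description, Origin (the 5.0.4 upstream commit being cherry-picked) and Reported-by lines above "--- a/functions.php". On the change itself, dropping 'type' => 'verbatim' from the function and returns columns means the proproto and proreturns values are no longer emitted verbatim and instead go through the table's default rendering, which is what closes an XSS via a crafted function prototype or return type; before final confirmation it is worth grepping functions.php for any remaining 'verbatim' column whose field is under user control, since only these two are removed here, and checking that the 'url' link on the function column still renders correctly now that the field is no longer verbatim.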


Christoph
-- 
[email protected] | http://www.df7cb.de/

Attachment: signature.asc
Description: Digital signature
