This is an automated email from the git hooks/post-receive script.

ntyni pushed a commit to branch wheezy
in repository libhtml-scrubber-perl.

commit 3e26da350acc7528c5250a4f8bea6bc0f1f266c0
Author: Niko Tyni <nt...@debian.org>
Date:   Sun Nov 15 21:09:39 2015 +0200

    [SECURITY] CVE-2015-5667: Backport upstream patch fixing a cross-site 
scripting vulnerability in comments. (Closes: #803943)
---
 debian/changelog                                   |  8 +++
 .../0001-Test-and-fix-for-JVN53973084.patch        | 65 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 74 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 9b08f98..22f2288 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libhtml-scrubber-perl (0.09-1+deb7u1) wheezy; urgency=medium
+
+  * [SECURITY] CVE-2015-5667: Backport upstream patch fixing
+    a cross-site scripting vulnerability in comments.
+    (Closes: #803943)
+
+ -- Niko Tyni <nt...@debian.org>  Sun, 15 Nov 2015 21:07:33 +0200
+
 libhtml-scrubber-perl (0.09-1) unstable; urgency=low
 
   [ gregor herrmann ]
diff --git a/debian/patches/0001-Test-and-fix-for-JVN53973084.patch 
b/debian/patches/0001-Test-and-fix-for-JVN53973084.patch
new file mode 100644
index 0000000..c9b78cf
--- /dev/null
+++ b/debian/patches/0001-Test-and-fix-for-JVN53973084.patch
@@ -0,0 +1,65 @@
+From 3f871371cf40baf37981bc829036d4a444e20124 Mon Sep 17 00:00:00 2001
+From: Nigel Metheringham <nig...@cpan.org>
+Date: Sat, 10 Oct 2015 15:01:14 +0100
+Subject: [PATCH] Test and fix for JVN53973084
+
+Malformed tags can pass through as comments.
+Thus comments are now only passed through if
+they are well formed - currently defined as
+matching a regular expression.
+
+Origin: backport, 
https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
+Bug-Debian: https://bugs.debian.org/803943
+---
+ lib/HTML/Scrubber.pm |  6 +++++-
+ t/jvn53973084.t      | 21 +++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+ create mode 100644 t/jvn53973084.t
+
+diff --git a/lib/HTML/Scrubber.pm b/lib/HTML/Scrubber.pm
+index e8ee4ba..e7c1d42 100644
+--- a/lib/HTML/Scrubber.pm
++++ b/lib/HTML/Scrubber.pm
+@@ -277,7 +277,11 @@ sub _scrub_str {
+         }
+     }
+     elsif ( $e eq 'comment' ) {
+-        $outstr .= $text if $s->{_comment};
++        if ( $s->{_comment} ) {
++
++            # only copy comments through if they are well formed...
++            $outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );
++        }
+     }
+     elsif ( $e eq 'process' ) {
+         $outstr .= $text if $s->{_process};
+diff --git a/t/jvn53973084.t b/t/jvn53973084.t
+new file mode 100644
+index 0000000..7767609
+--- /dev/null
++++ b/t/jvn53973084.t
+@@ -0,0 +1,21 @@
++# Tests related to JVN53973084
++
++use strict;
++use warnings;
++use Test::More;
++
++use_ok('HTML::Scrubber');
++
++my @allow = qw[
++    hr
++];
++
++my $html_1 = q[<hr><a href="javascript:alert(1)"<hr>abc];
++my $html_2 = q[<img src="javascript:alert(1)"];
++foreach my $comment_value ( 0, 1 ) {
++    my $scrubber = HTML::Scrubber->new( allow => \@allow, comment => 
$comment_value );
++    is( $scrubber->scrub($html_1), '<hr>abc', "correct result (1) - with 
comment => $comment_value" );
++    is( $scrubber->scrub($html_2), '',            "correct result (2) - with 
comment => $comment_value" );
++}
++
++done_testing;
+-- 
+2.6.2
+
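Review bot: The well-formedness check `$outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );` anchors with `^` and `$` under `/m`, so they match at any embedded line boundary instead of the ends of the whole comment token; if a comment event ever carries text with newlines around the `<!-- ... -->` pair, the material outside the delimiters would still be copied through. The intent is a whole-string match, which is `$outstr .= $text if ( $text =~ m{\A<!--.*-->\z}s );` (drop `/m`, keep `/s` so `.*` spans newlines, `\z` also rejects a stray trailing newline that `$` would tolerate). Whether HTML::Parser actually emits such multi-line comment tokens I cannot tell from the hunk, so this is a hardening of the anchoring rather than a reproduced bypass; the new t/jvn53973084.t only covers the single-line malformed-tag inputs, and a multi-line well-formed and malformed comment case would pin the behaviour either way. `_scrub_str` starts and ends outside the hunk.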
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..5e38bf3
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-Test-and-fix-for-JVN53973084.patch
