subject:"Bug#946704\: stretch\-pu\: package php\-horde\/5.2.13\+debian0\-1\+deb9u1"

Bug#946704: stretch-pu: package php-horde/5.2.13+debian0-1+deb9u1

2019-12-30 Thread Adam D. Barratt

Control: tags -1 + confirmed

On Fri, 2019-12-13 at 22:54 -0500, Roberto C. Sanchez wrote:
> Please find attached a proposed debdiff for php-horde.  The change
> fixes CVE-2019-12095, which the security team has classified as  dsa>, deeming it a minor issue which can be fixed via a point
> release.  May I have permission to upload to stretch-proposed-
> updates?

Please go ahead.

Regards,

Adam

Bug#946704: stretch-pu: package php-horde/5.2.13+debian0-1+deb9u1

2019-12-13 Thread Roberto C. Sanchez

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Please find attached a proposed debdiff for php-horde.  The change fixes
CVE-2019-12095, which the security team has classified as ,
deeming it a minor issue which can be fixed via a point release.  May I
have permission to upload to stretch-proposed-updates?

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru php-horde-5.2.13+debian0/debian/changelog 
php-horde-5.2.13+debian0/debian/changelog
--- php-horde-5.2.13+debian0/debian/changelog   2016-12-18 16:01:07.0 
-0500
+++ php-horde-5.2.13+debian0/debian/changelog   2019-12-13 21:10:06.0 
-0500
@@ -1,3 +1,9 @@
+php-horde (5.2.13+debian0-1+deb9u1) stretch; urgency=high
+
+  * Fix CVE-2019-12095: Stored XSS vuln in the Horde Cloud Block.
+
+ -- Roberto C. Sanchez   Fri, 13 Dec 2019 21:10:06 -0500
+
 php-horde (5.2.13+debian0-1) unstable; urgency=medium
 
   * New upstream version 5.2.13+debian0
diff -Nru 
php-horde-5.2.13+debian0/debian/patches/0002-CVE-2019-12095-Fix-XSS-vuln-in-the-Horde-Cloud-Block.patch
 
php-horde-5.2.13+debian0/debian/patches/0002-CVE-2019-12095-Fix-XSS-vuln-in-the-Horde-Cloud-Block.patch
--- 
php-horde-5.2.13+debian0/debian/patches/0002-CVE-2019-12095-Fix-XSS-vuln-in-the-Horde-Cloud-Block.patch
 1969-12-31 19:00:00.0 -0500
+++ 
php-horde-5.2.13+debian0/debian/patches/0002-CVE-2019-12095-Fix-XSS-vuln-in-the-Horde-Cloud-Block.patch
 2019-12-13 21:10:06.0 -0500
@@ -0,0 +1,50 @@
+From 81a7b53973506856db67e7f0b0263be29528aa75 Mon Sep 17 00:00:00 2001
+From: Michael J Rubinsky 
+Date: Sat, 20 Apr 2019 17:34:41 -0400
+Subject: [PATCH] Fix XSS vuln in the Horde Cloud Block.
+
+---
+ horde-5.2.13/lib/Block/Cloud.php  | 6 +-
+ horde-5.2.13/services/portal/cloud_search.php | 2 +-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/horde-5.2.13/lib/Block/Cloud.php 
b/horde-5.2.13/lib/Block/Cloud.php
+index 92a44255..9df5bf3c 100644
+--- a/horde-5.2.13/lib/Block/Cloud.php
 b/horde-5.2.13/lib/Block/Cloud.php
+@@ -13,6 +13,10 @@ class Horde_Block_Cloud extends Horde_Core_Block
+ $this->_name = _("Tag Cloud");
+ }
+ 
++protected function _escapeJs($string)
++{
++return str_replace("\n", '\n', str_replace('"', '\"', 
addcslashes(str_replace("\r", '', (string)$string), "\0..\37'\\")));
++}
+ /**
+  */
+ protected function _content()
+@@ -21,7 +25,7 @@ class Horde_Block_Cloud extends Horde_Core_Block
+ foreach ($this->_getTags() as $tag) {
+ $cloud->addElement(
+ $tag['tag_name'], '#', $tag['count'], null,
+-'doSearch(\'' . $tag['tag_name'] . '\'); return false;');
++'doSearch(\'' . 
htmlspecialchars($this->_escapeJs($tag['tag_name'])) . '\'); return false;');
+ }
+ 
+ Horde::startBuffer();
+diff --git a/horde-5.2.13/services/portal/cloud_search.php 
b/horde-5.2.13/services/portal/cloud_search.php
+index d72da96e..0d44b5a5 100644
+--- a/horde-5.2.13/services/portal/cloud_search.php
 b/horde-5.2.13/services/portal/cloud_search.php
+@@ -43,7 +43,7 @@ foreach ($results as $result) {
+ echo ' ' .
+  (empty($result['icon']) ? 
Horde_Themes_Image::tag(Horde_Themes::img($result['app'] . '.png', array('app' 
=> $result['app'])), array('alt' => $result['app'])) : '') .
+  Horde::link($result['view_url'], '', '', '', '', '', '', 
array('style' => 'margin:4px')) .
+- (empty($result['icon']) ? $result['title'] : '') .
++ (empty($result['icon']) ? htmlspecialchars($result['title']) : '') .
+  '' . 
$result['desc'] . '';
+ }
+ echo '';
+-- 
+2.20.1
+
diff -Nru php-horde-5.2.13+debian0/debian/patches/series 
php-horde-5.2.13+debian0/debian/patches/series
--- php-horde-5.2.13+debian0/debian/patches/series  2016-12-18 
16:01:07.0 -0500
+++ php-horde-5.2.13+debian0/debian/patches/series  2019-12-13 
21:10:06.0 -0500
@@ -1 +1,2 @@
 0001-Fix-rewrite-base.patch
+0002-CVE-2019-12095-Fix-XSS-vuln-in-the-Horde-Cloud-Block.patch

Bug#946704: stretch-pu: package php-horde/5.2.13+debian0-1+deb9u1

Bug#946704: stretch-pu: package php-horde/5.2.13+debian0-1+deb9u1

2 matches

Site Navigation

Mail list logo

Footer information