Hi, please find the NMU patch attached.
Cheers Steffen
diff -u ipplan-4.91a/debian/changelog ipplan-4.91a/debian/changelog
--- ipplan-4.91a/debian/changelog
+++ ipplan-4.91a/debian/changelog
@@ -1,3 +1,13 @@
+ipplan (4.91a-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Fix cross-site scripting vulnerability, which can be exploited via
+ the userid, userdescrip, useremail, grp and grpdescrip parameters
+ (Closes: #530271)
+ Fixes: CVE-2009-1732
+
+ -- Steffen Joeris <wh...@debian.org> Mon, 06 Jul 2009 08:09:24 +0000
+
 ipplan (4.91a-1) unstable; urgency=low
 
 * new upstream release
diff -u ipplan-4.91a/debian/patches/00list ipplan-4.91a/debian/patches/00list
--- ipplan-4.91a/debian/patches/00list
+++ ipplan-4.91a/debian/patches/00list
@@ -1,0 +2 @@
+CVE-2009-1732-xss.dpatch
only in patch2:
unchanged:
--- ipplan-4.91a.orig/debian/patches/CVE-2009-1732-xss.dpatch
+++ ipplan-4.91a/debian/patches/CVE-2009-1732-xss.dpatch
@@ -0,0 +1,36 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+...@dpatch@
+--- admin/usermanager.php 2009-03-19 07:44:03.000000000 +1100
++++ ipplan-4.91a/admin/usermanager.php 2009-05-30 16:34:08.000000000 +1000
+@@ -301,9 +301,13 @@
+ // First off we insert the user information and delete button.
+ insert($w, $t=table(array("cols"=>"2","border"=>"0","cellspacing"=>"2","width"=>"100%")));
+ insert($t, $c=cell());
+- insert($c ,block("<b>".my_("Editing User: $userid")."</b><br>"));
+- insert($c, block("<i>".my_("Real Name: ").$row["userdescrip"]."</i><br>"));
+- insert($c, block(my_("e-mail: ").$row["useremail"]));
++ insert($c ,block("<b>"));
++ insert($c ,text(my_("Editing User: $userid")));
++ insert($c ,block("</b><br>"));
++ insert($c, block("<i>"));
++ insert($c, text(my_("Real Name: ").$row["userdescrip"]));
++ insert($c, block("</i><br>"));
++ insert($c, text(my_("e-mail: ").$row["useremail"]));
+ insert($t, $c=cell(array("align"=>"right")));
+ insert($c, $f = form(array("method"=>"post","action"=>$_SERVER["PHP_SELF"])));
+ insert($f,hidden(array("name"=>"action","value"=>"deleteuser")));
+@@ -407,8 +411,11 @@
+ $resaddr =$row["resaddr"];
+ insert($w, $t=table(array("width"=>"100%","cols"=>"2","border"=>"0","cellspacing"=>"0","valign"=>"middle")));
+ insert($t, $c = cell());
+- insert($c, block("<b>".my_("Editing Group:")." $grp</b><br>"));
+- insert($c, block("<i>".my_(" Description: ")."</i>".$grpdescrip));
++ insert($c, block("<b>"));
++ insert($c, text(my_("Editing Group:")." $grp"));
++ insert($c, block("</b><br>"));
++ insert($c, block("<i>".my_(" Description: ")."</i>"));
++ insert($c, text($grpdescrip));
+ insert($w,generic("br"));
+ insert($t,$c = cell (array("align"=>"right")));
+ insert($c, $f = form(array("method"=>"post","action"=>$_SERVER["PHP_SELF"])));
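Review bot: The delete/update form two lines below the fixed output in both inner hunks still passes `$_SERVER["PHP_SELF"]` into `form()` unescaped; PHP_SELF carries any path info appended to the request URL, so if `form()` writes attribute values verbatim (not visible here) the same reflected-XSS class the NMU closes for userid/userdescrip/useremail/grp/grpdescrip remains open through the action attribute. The usual fix is `"action"=>htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)` on both `form(...)` lines, or `$_SERVER["SCRIPT_NAME"]`, which carries no path info. Separately, `text(my_("Editing User: $userid"))` interpolates the user-controlled id into the lookup key handed to `my_()` (presumably a gettext-style wrapper), so the message can never match a catalogue entry and attacker text reaches the translation layer; the group hunk's own form, `text(my_("Editing User: ").$userid)`, keeps the escaping and fixes the lookup. The whole fix rests on `text()` HTML-escaping its argument while `block()` emits raw markup, which this hunk does not show and is worth confirming against the layout helper. Both inner hunks sit inside larger functions that begin and end outside the patch.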