On Tue, May 10, 2005 at 07:02:30PM +0200, Thijs Kinkhorst wrote:
> Hello,
>
> Please find attached a patch to fix this bug.
> Since there was nu response from the maintainer at all, for 10 days now,
> is a NMU warranted?
Thanks for the patch, I just NMU'd. Final patch attached.
--Jeroen
--
Jeroen van Wolffelaar
[EMAIL PROTECTED]
http://jeroen.A-Eskwadraat.nl
diff -u eskuel-1.0.5/debian/changelog eskuel-1.0.5/debian/changelog
--- eskuel-1.0.5/debian/changelog
+++ eskuel-1.0.5/debian/changelog
@@ -1,3 +1,12 @@
+eskuel (1.0.5-3.1) unstable; urgency=high
+
+ * Non-maintainer upload fixing security bug, Maintainer busy
+ * Validate the lang_conf parameter before using it, to prevent arbitrary
+ file retreiving via the web. Patch provided by Thijs Kinkhorst
+ <[EMAIL PROTECTED]> (Closes: #307270).
+
+ -- Jeroen van Wolffelaar <[EMAIL PROTECTED]> Tue, 10 May 2005 22:52:28 +0200
+
eskuel (1.0.5-3) unstable; urgency=low
* Remove Depends on php4-cgi-mysql in favor of php4-mysql, satisfiable on
only in patch2:
unchanged:
--- eskuel-1.0.5.orig/include/functions.inc.php
+++ eskuel-1.0.5/include/functions.inc.php
@@ -72,6 +72,10 @@
if ($lang_conf == '') {
$lang_conf = 'francais.inc.php';
}
+ if ( ! preg_match ( '/^[A-Za-z0-9_.]+$/', $lang_conf ) ) {
+ die ( "Invalid character in language file name");
+ }
+
### Getting the good $txt var from the lang res file
include './lang/'.$lang_conf;
