On Tue, May 10, 2005 at 07:02:30PM +0200, Thijs Kinkhorst wrote: > Hello, > > Please find attached a patch to fix this bug. > Since there was nu response from the maintainer at all, for 10 days now, > is a NMU warranted?
Thanks for the patch, I just NMU'd. Final patch attached. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] http://jeroen.A-Eskwadraat.nl
diff -u eskuel-1.0.5/debian/changelog eskuel-1.0.5/debian/changelog --- eskuel-1.0.5/debian/changelog +++ eskuel-1.0.5/debian/changelog @@ -1,3 +1,12 @@ +eskuel (1.0.5-3.1) unstable; urgency=high + + * Non-maintainer upload fixing security bug, Maintainer busy + * Validate the lang_conf parameter before using it, to prevent arbitrary + file retreiving via the web. Patch provided by Thijs Kinkhorst + <[EMAIL PROTECTED]> (Closes: #307270). + + -- Jeroen van Wolffelaar <[EMAIL PROTECTED]> Tue, 10 May 2005 22:52:28 +0200 + eskuel (1.0.5-3) unstable; urgency=low * Remove Depends on php4-cgi-mysql in favor of php4-mysql, satisfiable on only in patch2: unchanged: --- eskuel-1.0.5.orig/include/functions.inc.php +++ eskuel-1.0.5/include/functions.inc.php @@ -72,6 +72,10 @@ if ($lang_conf == '') { $lang_conf = 'francais.inc.php'; } + if ( ! preg_match ( '/^[A-Za-z0-9_.]+$/', $lang_conf ) ) { + die ( "Invalid character in language file name"); + } + ### Getting the good $txt var from the lang res file include './lang/'.$lang_conf;