Bug#961922: marked as done (stretch-pu: package php-horde-gollem/3.0.10-1+deb9u1)

Debian Bug Tracking System Sat, 18 Jul 2020 05:14:10 -0700

Your message dated Sat, 18 Jul 2020 13:07:00 +0100
with message-id 
<b8d89cdfeeda7b6d1ef96a8706a20f9525c2151b.ca...@adam-barratt.org.uk>
and subject line Closing requests for fixes included in 9.13 point release
has caused the Debian Bug report #961922,
regarding stretch-pu: package php-horde-gollem/3.0.10-1+deb9u1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
961922: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961922
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Dear release team,

I just uploaded an update for php-horde-gollem to stretch, fixing
CVE-2020-8034.

+  * debian/patches:
+    + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
+      (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).

Greets,
Mike

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru php-horde-gollem-3.0.10/debian/changelog 
php-horde-gollem-3.0.10/debian/changelog
--- php-horde-gollem-3.0.10/debian/changelog    2016-12-18 21:55:24.000000000 
+0100
+++ php-horde-gollem-3.0.10/debian/changelog    2020-05-31 16:43:57.000000000 
+0200
@@ -1,3 +1,11 @@
+php-horde-gollem (3.0.10-1+deb9u1) stretch; urgency=medium
+
+  * debian/patches:
+    + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
+      (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).
+
+ -- Mike Gabriel <sunwea...@debian.org>  Sun, 31 May 2020 16:43:57 +0200
+
 php-horde-gollem (3.0.10-1) unstable; urgency=medium
 
   * New upstream version 3.0.10
diff -Nru php-horde-gollem-3.0.10/debian/patches/CVE-2020-8034.patch 
php-horde-gollem-3.0.10/debian/patches/CVE-2020-8034.patch
--- php-horde-gollem-3.0.10/debian/patches/CVE-2020-8034.patch  1970-01-01 
01:00:00.000000000 +0100
+++ php-horde-gollem-3.0.10/debian/patches/CVE-2020-8034.patch  2020-05-31 
16:43:57.000000000 +0200
@@ -0,0 +1,44 @@
+From a73bef1aef27d4cbfc7b939c2a81dea69aabb083 Mon Sep 17 00:00:00 2001
+From: Jan Schneider <j...@horde.org>
+Date: Wed, 4 Mar 2020 18:54:06 +0100
+Subject: [PATCH] [jan] SECURITY: Fix XSS vulnerability in breadcrumb output
+ (Reported by: polict of Shielder, CVE-2020-8034).
+
+---
+ doc/changelog.yml | 3 ++-
+ lib/Gollem.php    | 5 +++--
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+#diff --git a/doc/changelog.yml b/doc/changelog.yml
+#index dbad6ef..3e429bd 100644
+#--- a/doc/changelog.yml
+#+++ b/doc/changelog.yml
+#@@ -18,7 +18,8 @@
+#   license:
+#     identifier: GPL-2.0
+#     uri: http://www.horde.org/licenses/gpl
+#-  notes:
+#+  notes: |
+#+    [jan] SECURITY: Fix XSS vulnerability in breadcrumb output (Reported by: 
polict of Shielder, CVE-2020-8034).
+# 3.0.12:
+#   api: 3.0.0
+#   state:
+diff --git a/gollem-3.0.10/lib/Gollem.php b/gollem-3.0.10/lib/Gollem.php
+index 9a4a7cd..ec255e7 100644
+--- a/gollem-3.0.10/lib/Gollem.php
++++ b/gollem-3.0.10/lib/Gollem.php
+@@ -692,10 +692,11 @@ public static function directoryNavLink($currdir, $url)
+                 $dir = implode('/', $part);
+                 if ((strstr($dir, self::$backend['root']) !== false) &&
+                     (self::$backend['root'] != $dir)) {
++                    $part = htmlspecialchars($parts[($i - 1)]);
+                     if ($i == $parts_count) {
+-                        $label[] = $parts[($i - 1)];
++                        $label[] = $part;
+                     } else {
+-                        $label[] = Horde::link($url->add('dir', $dir), 
sprintf(_("Up to %s"), $dir)) . htmlspecialchars($parts[($i - 1)]) . '</a>';
++                        $label[] = Horde::link($url->add('dir', $dir), 
sprintf(_("Up to %s"), $dir)) . $part . '</a>';
+                     }
+                 }
+             }
+
diff -Nru php-horde-gollem-3.0.10/debian/patches/series 
php-horde-gollem-3.0.10/debian/patches/series
--- php-horde-gollem-3.0.10/debian/patches/series       1970-01-01 
01:00:00.000000000 +0100
+++ php-horde-gollem-3.0.10/debian/patches/series       2020-05-31 
16:40:31.000000000 +0200
@@ -0,0 +1 @@
+CVE-2020-8034.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 9.13

Hi,

All of these requests relate to updates that were included in today's
stretch point release.

Regards,

Adam

--- End Message ---

Bug#961922: marked as done (stretch-pu: package php-horde-gollem/3.0.10-1+deb9u1)

Reply via email to