diff -u egroupware-1.2.107-2.dfsg/debian/changelog egroupware-1.2.107-2.dfsg/debian/changelog
--- egroupware-1.2.107-2.dfsg/debian/changelog
+++ egroupware-1.2.107-2.dfsg/debian/changelog
@@ -1,3 +1,16 @@
+egroupware (1.2.107-2.dfsg-2ubuntu0.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE: (LP: #212211)
+ + debian/patches/91_CVE-2008-1502.dpatch
+ - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php
+ in eGroupWare before 1.4.003 allows remote attackers to bypass HTML
+ filtering and conduct cross-site scripting (XSS) attacks via a
+ string containing crafted URL protocols.
+ * References
+ + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1502
+
+ -- Emanuele Gentili Wed, 09 Apr 2008 05:03:33 +0200
+
 egroupware (1.2.107-2.dfsg-2) unstable; urgency=high
 
 * Fixed cross-site-scripting security problem (patch by Nico Golde)
diff -u egroupware-1.2.107-2.dfsg/debian/patches/00list egroupware-1.2.107-2.dfsg/debian/patches/00list
--- egroupware-1.2.107-2.dfsg/debian/patches/00list
+++ egroupware-1.2.107-2.dfsg/debian/patches/00list
@@ -4,0 +5 @@
+09_CVE-2008-1502.dpatch
only in patch2: unchanged:
--- egroupware-1.2.107-2.dfsg.orig/debian/patches/09_CVE-2008-1502.dpatch
+++ egroupware-1.2.107-2.dfsg/debian/patches/09_CVE-2008-1502.dpatch
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 09_CVE-2008-1502.dpatch by Emanuele Gentili
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad egroupware-1.2.107-2.dfsg~/phpgwapi/inc/class.kses.inc.php egroupware-1.2.107-2.dfsg/phpgwapi/inc/class.kses.inc.php
+--- egroupware-1.2.107-2.dfsg~/phpgwapi/inc/class.kses.inc.php 2007-06-05 17:09:49.000000000 +0200
++++ egroupware-1.2.107-2.dfsg/phpgwapi/inc/class.kses.inc.php 2008-04-09 05:03:12.000000000 +0200
+@@ -512,13 +512,12 @@
+ ###############################################################################
+ function _bad_protocol_once($string)
+ {
+- return preg_replace(
+- '/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+- '(:|:|&#[Xx]3[Aa];)\s*/e',
+- '\$this->_bad_protocol_once2("\\1")',
+- $string
+- );
+- return $string;
++ $string2 = preg_split('/:|:|:/i', $string, 2);
++ if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
++ {
++ return $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
++ }
++ return '';
+ } # function _bad_protocol_once
+
+
+@@ -668,4 +667,4 @@
+ return '0.0.2 (OOP fork of kses 0.2.1)';
+ } # function _version
+ }
+-?>
+\ No newline at end of file
++?>
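Review bot: The final `return '';` in `_bad_protocol_once` now empties every input that has no colon separator, or that has `/?` before the first one, where the removed `preg_replace` returned non-matching strings unchanged. That is a fail-closed choice for a filter, but it also drops relative URLs and other colon-free values if callers (outside this hunk) route them through here, so it should be confirmed against those callers and documented above the `if`, e.g. `# no protocol separator (or '/?' before it): reject the whole value`. The `preg_split` pattern appears here as three identical `:` alternatives, presumably because the page decoded the entity-encoded colon forms; check the pattern against the original patch file before applying it. The dpatch header still says `## DP: No description.`, and the changelog names `91_CVE-2008-1502.dpatch` while `00list` and the file itself use `09_`.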