diff -u libphp-snoopy-1.2.3/debian/control libphp-snoopy-1.2.3/debian/control --- libphp-snoopy-1.2.3/debian/control +++ libphp-snoopy-1.2.3/debian/control @@ -1,7 +1,8 @@ Source: libphp-snoopy Section: web Priority: optional -Maintainer: Marcelo Jorge Vieira (metal) +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Marcelo Jorge Vieira (metal) Build-Depends: cdbs, debhelper (>= 5) Standards-Version: 3.7.2 diff -u libphp-snoopy-1.2.3/debian/rules libphp-snoopy-1.2.3/debian/rules --- libphp-snoopy-1.2.3/debian/rules +++ libphp-snoopy-1.2.3/debian/rules @@ -3,4 +3,5 @@ include /usr/share/cdbs/1/rules/debhelper.mk #include /usr/share/cdbs/1/class/makefile.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk # Add here any variable or target overrides you need. diff -u libphp-snoopy-1.2.3/debian/changelog libphp-snoopy-1.2.3/debian/changelog --- libphp-snoopy-1.2.3/debian/changelog +++ libphp-snoopy-1.2.3/debian/changelog @@ -1,3 +1,11 @@ +libphp-snoopy (1.2.3-1ubuntu0.1) hardy; urgency=low + + * SECURITY UPDATE: execute arbitrary commands via shell metacharacters in https URLs (LP: #292923) + - changed Snoopy.class.php with patch from version 1.2.4 in ubuntu jaunty + - CVE-2008-4796 + + -- Vincenzo Ampolo Fri, 06 Mar 2009 20:58:09 +0100 + libphp-snoopy (1.2.3-1) unstable; urgency=low * Initial release (Closes: #442303) only in patch2: unchanged: --- libphp-snoopy-1.2.3.orig/debian/patches/CVE-2008-4796.patch +++ libphp-snoopy-1.2.3/debian/patches/CVE-2008-4796.patch @@ -0,0 +1,19 @@ +# +# Ubuntu: https://bugs.launchpad.net/bugs/292923 +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504168 +# Upstream: http://sourceforge.net/tracker2/index.php?func=detail&aid=626849&group_id=2091&atid=102091 +# Description: CVE-2008-4796 missing input sanitising +# +diff -Nur -x '*.orig' -x '*~' libphp-snoopy-1.2.3/Snoopy.class.php libphp-snoopy-1.2.3.new/Snoopy.class.php +--- libphp-snoopy-1.2.3/Snoopy.class.php 2005-11-08 07:55:33.000000000 +0100 ++++ libphp-snoopy-1.2.3.new/Snoopy.class.php 2009-02-28 16:38:31.000000000 +0100 +@@ -1012,8 +1012,7 @@ + + $headerfile = tempnam($temp_dir, "sno"); + +- $safer_URI = strtr( $URI, "\"", " " ); // strip quotes from the URI to avoid shell access +- exec($this->curl_path." -D \"$headerfile\"".$cmdline_params." \"".$safer_URI."\"",$results,$return); ++ exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return); + + if($return) + {