diffstat for phpliteadmin-1.9.7.1 phpliteadmin-1.9.7.1 changelog | 8 ++++++++ patches/Fix-post-num-XSS.patch | 16 ++++++++++++++++ patches/series | 1 + 3 files changed, 25 insertions(+) diff -Nru phpliteadmin-1.9.7.1/debian/changelog phpliteadmin-1.9.7.1/debian/changelog --- phpliteadmin-1.9.7.1/debian/changelog 2018-04-28 00:14:25.000000000 +0300 +++ phpliteadmin-1.9.7.1/debian/changelog 2022-03-13 16:29:27.000000000 +0300 @@ -1,3 +1,11 @@ +phpliteadmin (1.9.7.1-1ubuntu0.2) bionic-security; urgency=medium + + * SECURITY UPDATE: cross-site scripting (LP: #1964710) + - debian/patches/Fix-post-num-XSS.patch: + Forcibly cast input value to integer. Original fix. + + -- Nicholas Guriev Sun, 13 Mar 2022 16:29:27 +0300 + phpliteadmin (1.9.7.1-1ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: authentication bypass (LP: #1767723) diff -Nru phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch --- phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 1970-01-01 03:00:00.000000000 +0300 +++ phpliteadmin-1.9.7.1/debian/patches/Fix-post-num-XSS.patch 2022-03-13 16:28:52.000000000 +0300 @@ -0,0 +1,16 @@ +Description: Fix an XSS vulnerability with the num POST parameter + Forcibly cast value to integer. +Author: Nicholas Guriev +Last-Update: Sat, 12 Mar 2022 09:55:58 +0300 + +--- a/index.php ++++ b/index.php +@@ -2512,7 +2512,7 @@ if(isset($_GET['action']) && !isset($_GE + echo "
"; + echo $token_html; + if(isset($_POST['num'])) +- $num = $_POST['num']; ++ $num = (int)$_POST['num']; + else + $num = 1; + echo ""; diff -Nru phpliteadmin-1.9.7.1/debian/patches/series phpliteadmin-1.9.7.1/debian/patches/series --- phpliteadmin-1.9.7.1/debian/patches/series 2018-04-28 00:14:25.000000000 +0300 +++ phpliteadmin-1.9.7.1/debian/patches/series 2022-03-13 16:28:52.000000000 +0300 @@ -1,3 +1,4 @@ Remove-spontaneous-access-to-Internet.patch Remove-using-build-date.patch Fix-authentication-bypass.patch +Fix-post-num-XSS.patch