Dear stable release managers,
Please approve the upload of libapache2-mod-perl2 2.0.4-5+lenny1 to
stable. This is needed for closing a security bug (#567635,
CVE-2009-0796) which was not deemed worth a DSA.
Changelog:
libapache2-mod-perl2 (2.0.4-5+lenny1) stable; urgency=high
* add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
Patch taken from r760926 of upstream SVN.
Closes: #567635
-- Damyan Ivanov <dmn@debian.org> Sun, 31 Jan 2010 08:40:19 +0200
100-svn-XSS-Status.patch, interdiff and debdiff attached.
Thank you.
# Description: Fix XSS in Apache2::Status (CVE-2009-0796)
# Origin: http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?r1=607697&r2=760926&pathrev=761081&view=patch
# Bug-Debian: 567635
--- a/lib/Apache2/Status.pm
+++ b/lib/Apache2/Status.pm
@@ -29,7 +29,7 @@ use File::Spec ();
use Apache2::Const -compile => qw(OK);
-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
+$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
use constant IS_WIN32 => ($^O eq "MSWin32");
@@ -126,7 +126,7 @@ sub handler {
$r->print(symdump($r, $qs));
}
else {
- my $uri = $r->uri;
+ my $uri = $r->location;
$r->print('<p>');
$r->print(
map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
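Review bot: `$uri` is still written into the `href` in `qq[<a href="$uri?$_">…]` without HTML escaping, so the page is safe only as long as `$r->location` can never carry request-controlled text. I would record that invariant next to the assignment, e.g. `# $uri is config-derived ($r->location), never request-derived: it is emitted into HTML unescaped`, and preferably also escape the value where it is printed so the output does not depend on where the string came from. The same applies to the `status_inc`, `status_rgysubs` and `as_HTML` hunks, where the lines that print `$uri` fall outside the hunk; the `handler` body also starts and ends outside this one. Presumably `location` returns the configured container path verbatim, so it is worth confirming the generated links still resolve when the handler is not mounted under a plain `<Location>` block.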
@@ -198,7 +198,7 @@ sub status_section_config {
sub status_inc {
my ($r) = @_;
- my $uri = $r->uri;
+ my $uri = $r->location;
my @retval = (
'<table border="1">',
"<tr>",
@@ -289,7 +289,7 @@ sub status_rgysubs {
my ($r) = @_;
local $_;
- my $uri = $r->uri;
+ my $uri = $r->location;
my $cache = __PACKAGE__->registry_cache;
my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
@@ -765,7 +765,7 @@ sub as_HTML {
my ($self, $package, $r) = @_;
my @m = qw(<table>);
- my $uri = $r->uri;
+ my $uri = $r->location;
my $is_main = $package eq "main";
my $do_dump = has($r, "dumper");
diff -u libapache2-mod-perl2-2.0.4/debian/changelog libapache2-mod-perl2-2.0.4/debian/changelog
--- libapache2-mod-perl2-2.0.4/debian/changelog
+++ libapache2-mod-perl2-2.0.4/debian/changelog
@@ -1,3 +1,11 @@
+libapache2-mod-perl2 (2.0.4-5+lenny1) stable; urgency=high
+
+ * add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
+ Patch taken from r760926 of upstream SVN.
+ Closes: #567635
+
+ -- Damyan Ivanov <dmn@debian.org> Sun, 31 Jan 2010 08:40:19 +0200
+
libapache2-mod-perl2 (2.0.4-5) unstable; urgency=low
[ gregor herrmann ]
diff -u libapache2-mod-perl2-2.0.4/debian/patches/series libapache2-mod-perl2-2.0.4/debian/patches/series
--- libapache2-mod-perl2-2.0.4/debian/patches/series
+++ libapache2-mod-perl2-2.0.4/debian/patches/series
@@ -8,0 +9 @@
+100-svn-XSS-Status.patch
only in patch2:
unchanged:
--- libapache2-mod-perl2-2.0.4.orig/debian/patches/100-svn-XSS-Status.patch
+++ libapache2-mod-perl2-2.0.4/debian/patches/100-svn-XSS-Status.patch
@@ -0,0 +1,50 @@
+# Description: Fix XSS in Apache2::Status (CVE-2009-0796)
+# Origin: http://svn.apache.org/viewvc/perl/modperl/trunk/lib/Apache2/Status.pm?r1=607697&r2=760926&pathrev=761081&view=patch
+# Bug-Debian: 567635
+--- a/lib/Apache2/Status.pm
++++ b/lib/Apache2/Status.pm
+@@ -29,7 +29,7 @@ use File::Spec ();
+
+ use Apache2::Const -compile => qw(OK);
+
+-$Apache2::Status::VERSION = '4.00'; # mod_perl 2.0
++$Apache2::Status::VERSION = '4.01'; # mod_perl 2.0
+
+ use constant IS_WIN32 => ($^O eq "MSWin32");
+
+@@ -126,7 +126,7 @@ sub handler {
+ $r->print(symdump($r, $qs));
+ }
+ else {
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ $r->print('<p>');
+ $r->print(
+ map { qq[<a href="$uri?$_">$status{$_}</a><br />\n] } sort { lc $a cmp lc $b } keys %status
+@@ -198,7 +198,7 @@ sub status_section_config {
+ sub status_inc {
+ my ($r) = @_;
+
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my @retval = (
+ '<table border="1">',
+ "<tr>",
+@@ -289,7 +289,7 @@ sub status_rgysubs {
+ my ($r) = @_;
+
+ local $_;
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my $cache = __PACKAGE__->registry_cache;
+
+ my @retval = "<h2>Compiled registry scripts grouped by their handler</h2>";
+@@ -765,7 +765,7 @@ sub as_HTML {
+ my ($self, $package, $r) = @_;
+
+ my @m = qw(<table>);
+- my $uri = $r->uri;
++ my $uri = $r->location;
+ my $is_main = $package eq "main";
+
+ my $do_dump = has($r, "dumper");
File lists identical (after any substitutions)
Control files of package libapache2-mod-perl2: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Version: [-2.0.4-5-] {+2.0.4-5+lenny1+}
Control files of package libapache2-mod-perl2-dev: lines which differ (wdiff format)
------------------------------------------------------------------------------------
Version: [-2.0.4-5-] {+2.0.4-5+lenny1+}
Control files of package libapache2-mod-perl2-doc: lines which differ (wdiff format)
------------------------------------------------------------------------------------
Version: [-2.0.4-5-] {+2.0.4-5+lenny1+}