Hi Team,

Attached you will find the diff between mantis_1.1.6+dfsg-2lenny3 (currently in s-p-u) and mantis_1.1.6+dfsg-2lenny4 with the fix for CVE-2010-3763 [1].

Fixed in version mantis/1.1.8+dfsg-9 (unstable) [2].

I'll wait for your permission to upload.

Don't hesitate to contact me if you need any further info.

Best regards,
Sils

[1] http://security-tracker.debian.org/tracker/CVE-2010-3303
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601618

diff -u mantis-1.1.6+dfsg/debian/changelog mantis-1.1.6+dfsg/debian/changelog --- mantis-1.1.6+dfsg/debian/changelog +++ mantis-1.1.6+dfsg/debian/changelog @@ -1,3 +1,10 @@ +mantis (1.1.6+dfsg-2lenny4) stable-proposed-updates; urgency=low + + * debian/patches/07-CVE-2010-3763.diff: + Fixes for CVE-2010-3763. + + -- Silvia Alvarez <sils@powered-by-linux.com> Sat, 30 Oct 2010 11:55:50 +0200 + mantis (1.1.6+dfsg-2lenny3) stable-proposed-updates; urgency=low * debian/patches/06-CVE-2010-3303-04-and-05.diff: diff -u mantis-1.1.6+dfsg/debian/patches/series mantis-1.1.6+dfsg/debian/patches/series --- mantis-1.1.6+dfsg/debian/patches/series +++ mantis-1.1.6+dfsg/debian/patches/series @@ -1,3 +1,4 @@ +07-CVE-2010-3303-04-and-05.diff 01-use-libphp-phpmailer-instead-of-prepackaged-version.patch 02-disable-admin-directory-check.patch 03-fix-wrong-php-path-in-checkin.patch only in patch2: unchanged: --- mantis-1.1.6+dfsg.orig/debian/patches/07-CVE-2010-3303-04-and-05.diff +++ mantis-1.1.6+dfsg/debian/patches/07-CVE-2010-3303-04-and-05.diff 
@@ -0,0 +1,39 @@ +# +# Description: Fixes for CVE-2010-3763 +# +# Patch based on upstream repository commit: +# http://www.mantisbt.org/bugs/file_download.php?file_id=3017&type=bug +# +# CVE-2010-3763 : Cross-site scripting (XSS) vulnerability in +# core/summary_api.php in MantisBT before 1.2.3 allows remote +# attackers to inject arbitrary web script or HTML via the +# Summary field, a different vector than CVE-2010-3303. +# +# Author: Dario Minnucci <midget@debian.org> +# Bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3763 +# Bug: http://www.mantisbt.org/bugs/view.php?id=12309 +# Bug-Debian: http://bugs.debian.org/601618 +# Last-Update: 2010-10-30 +# +Index: mantis-1.1.6+dfsg/core/summary_api.php +=================================================================== +--- mantis-1.1.6+dfsg.orig/core/summary_api.php 2010-10-30 11:34:46.839462033 +0200 ++++ mantis-1.1.6+dfsg/core/summary_api.php 2010-10-30 11:36:52.607470031 +0200 +@@ -322,7 +322,7 @@ + if ( $t_count++ == 10 ) break; + + $t_bugid = string_get_bug_view_link( $row['id'] ); +- $t_summary = string_html_specialchars( $row['summary'] ); ++ $t_summary = string_display_line( $row['summary'] ); + $t_notescount = $row['count']; + + print "<tr " . helper_alternate_class() . ">\n"; +@@ -362,7 +362,7 @@ + if ( $t_count++ == 10 ) break; + + $t_bugid = string_get_bug_view_link( $row['id'] ); +- $t_summary = $row['summary']; ++ $t_summary = string_display_line( $row['summary'] ); + $t_days_open = intval ( ( time() - strtotime( $row['date_submitted'] ) ) / 86400 ); + + print "<tr " . helper_alternate_class() . ">\n";
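
Review bot: in the debian/changelog hunk, the new entry names debian/patches/07-CVE-2010-3763.diff, but the file this diff creates and lists in series is 07-CVE-2010-3303-04-and-05.diff, so the changelog points at a patch name that is not in the package. Make the two agree; renaming the file to 07-CVE-2010-3763.diff would match its Description header. The entry also carries no bug closer although the patch header cites Bug-Debian 601618, so consider adding "(Closes: #601618)" to the changelog line.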
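
Review bot: in the debian/patches/series hunk, the new line is inserted above 01-use-libphp-phpmailer-instead-of-prepackaged-version.patch, and a series file is applied top to bottom, so this patch would be applied first, ahead of 01 to 03. Append it at the end of the series instead, so the existing patches keep applying against the tree they were written for and the 07 prefix matches the patch's position.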
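
Review bot: in the embedded patch to core/summary_api.php, only the hunk at line 362 replaces a raw assignment (`$t_summary = $row['summary'];`); the line at 322 already passed through string_html_specialchars(), and the header does not say why that call is also switched to string_display_line(). Add a sentence to the Description explaining what string_display_line() provides beyond string_html_specialchars() at that site, and confirm that no other output of $row['summary'] in this file is left outside these two hunks. The header also calls the source an "upstream repository commit" while the URL is a file_download.php attachment on the bug tracker; word it as an upstream patch attachment or cite the commit itself.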