[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#725291: ospu: package sympa/6.0.1+dfsg-4+squeeze2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

The version of sympa in oldstable is affected by a bug which permit to
one user to crash or trigger an endless loop in the fastcgi process
running the sympa web interface (wwsympa). See #654622

DSA asked me to upload a fix for this bug in oldstable-proposed-updates
(I hope it's not too late for the next point release).

Attached is the debdiff.


Regards,

M.

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru sympa-6.0.1+dfsg/debian/changelog sympa-6.0.1+dfsg/debian/changelog
--- sympa-6.0.1+dfsg/debian/changelog	2012-05-20 14:04:58.000000000 +0000
+++ sympa-6.0.1+dfsg/debian/changelog	2013-10-03 12:39:39.000000000 +0000
@@ -1,3 +1,10 @@
+sympa (6.0.1+dfsg-4+squeeze2) oldstable-proposed-updates; urgency=low
+
+  * Fix endless loop in wwsympa while loading session data including
+  metacharacters like regexp symbols (Closes: #654622)
+
+ -- Emmanuel Bouthenot <kolter@debian.org>  Thu, 03 Oct 2013 18:32:59 +0000
+
 sympa (6.0.1+dfsg-4+squeeze1) stable-security; urgency=high
 
   * Fix CVE-2012-2352: Possibility to bypass the authorization mechanisms in
diff -Nru sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch
--- sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch	1970-01-01 00:00:00.000000000 +0000
+++ sympa-6.0.1+dfsg/debian/patches/0001_fix_session_with_metachars.patch	2013-10-03 14:25:35.000000000 +0000
@@ -0,0 +1,34 @@
+Description: Fix endless loop in wwsympa while loading session data
+    including metacharacters like regexp symbols (Closes: #654622)
+Author: Hatuka*nezumi - IKEDA Soji <hatuka@nezumi.nu>
+Origin: upstream, https://sourcesup.renater.fr/scm/viewvc.php?view=revision&root=sympa&revision=6323
+Bug-Debian: http://bug.debian.org/654622
+Last-Update: 2013-10-03
+--- a/src/lib/tools.pm
++++ b/src/lib/tools.pm
+@@ -3229,9 +3229,11 @@
+     my $data = shift;
+     my %hash ;
+     
+-    while ($data =~ /^(\;?(\w+)\=\"([^\"]*)\")/) {
+-	$hash{$2} = $3; 
+-	$data =~ s/$1// ;
++    pos($data) = 0;
++    while ($data =~ /\G;?(\w+)\=\"((\\[\"\\]|[^\"])*)\"(?=(;|\z))/g) {
++	my ($var, $val) = ($1, $2);
++	$val =~ s/\\([\"\\])/$1/g;
++	$hash{$var} = $val; 
+     }    
+ 
+     return (%hash);
+@@ -3246,7 +3248,9 @@
+     my $data_string ;
+     foreach my $var (keys %$refhash ) {
+ 	next unless ($var);
+-	$data_string .= ';'.$var.'="'.$refhash->{$var}.'"';
++	my $val = $refhash->{$var};
++	$val =~ s/([\"\\])/\\$1/g;
++	$data_string .= ';'.$var.'="'.$val.'"';
+     }
+     return ($data_string);
+ }
diff -Nru sympa-6.0.1+dfsg/debian/patches/series sympa-6.0.1+dfsg/debian/patches/series
--- sympa-6.0.1+dfsg/debian/patches/series	2012-05-20 14:04:58.000000000 +0000
+++ sympa-6.0.1+dfsg/debian/patches/series	2013-10-03 12:43:25.000000000 +0000
@@ -1,3 +1,4 @@
+0001_fix_session_with_metachars.patch
 1001_sympa.pl_add_prepare_db_option.patch
 1004_wizard_support_batch_and_display_mode.patch
 1005_wizard_emit_cmd_and_newline_when_dying.patch
Reply to: