Your message dated Sat, 06 Jun 2015 13:11:11 +0100 with message-id <1433592671.2987.12.camel@adam-barratt.org.uk> and subject line Fix released with 8.1 point release has caused the Debian Bug report #785154, regarding jessie-pu: package phpbb3/3.0.12-5+deb8u1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
785154: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785154
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package phpbb3/3.0.12-5+deb8u1
- From: David Prévot <taffit@debian.org>
- Date: Tue, 12 May 2015 16:10:29 -0400
- Message-id: <20150512201029.GA8035@mikado.tilapin.org>
Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu Hi, Please accept the fix for CVE-2015-3880 in Jessie, tagged as <no-dsa> as agreed with the security team. Attached debdiff, similar request for Wheezy follows. Regards Daviddiff --git a/changelog b/changelog index f0fb324..c8b1f20 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,11 @@ +phpbb3 (3.0.12-5+deb8u1) jessie; urgency=medium + + * Fix possible redirection on Chrome: an insufficient check allowed users of + the Google Chrome browser to be redirected to external domains (e.g. on + login) [CVE-2015-3880] + + -- David Prévot <taffit@debian.org> Tue, 12 May 2015 15:52:23 -0400 + phpbb3 (3.0.12-5) unstable; urgency=medium * Fix authentication setup: another PHP 5.6 compatibility issue, the diff --git a/patches/fix_CVE-2015-3880.patch b/patches/fix_CVE-2015-3880.patch new file mode 100644 index 0000000..320d589 --- /dev/null +++ b/patches/fix_CVE-2015-3880.patch 
@@ -0,0 +1,32 @@ +Description: Fix possible redirection on Chrome + An insufficient check allowed users of the Google Chrome browser to be + redirected to external domains (e.g. on login). + [CVE-2015-3880] +Author: Marc Alexander <admin@m-a-styles.de>, Joas Schilling <nickvergessen@gmx.de> +Origin: upstream, https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04 +Reviewed-by: Andreas Fischer <bantu@phpbb.com> +Last-Update: 2015-05-09 +--- a/includes/functions.php ++++ b/includes/functions.php +@@ -2492,7 +2492,7 @@ + // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) + if (!$disable_cd_check && $url_parts['host'] !== $user->host) + { +- $url = generate_board_url(); ++ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + } + } + else if ($url[0] == '/') +@@ -2579,6 +2579,12 @@ + } + } + ++ // Make sure we don't redirect to external URLs ++ if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) ++ { ++ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); ++ } ++ + // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 + if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) + { diff --git a/patches/series b/patches/series index c79ff46..f3998ad 100644 --- a/patches/series +++ b/patches/series @@ -9,3 +9,4 @@ fix_CVE-2015-1431.patch fix_CVE-2015-1432.patch improve_php_5.6_compatibility.patch add_phpbb_prefix_to_ldap_escape.patch +fix_CVE-2015-3880.patchAttachment: signature.asc
Description: Digital signature
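Review bot: In the includes/functions.php hunk at line 2492, replacing `$url = generate_board_url();` with `trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);` turns a silent fallback to the board index into a fatal error page, while the guard remains the exact comparison `$url_parts['host'] !== $user->host`, which the adjacent comment says rejects yourdomain.com -> www.yourdomain.com. Users of a board reachable under more than one host name will now see an error where they previously landed on the index, so the changelog entry should mention this behaviour change. The hard-coded English message appears twice in the patch and would be better defined once.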
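Review bot: In the includes/functions.php hunk at line 2579, the new check `strpos($url, generate_board_url(true) . '/') !== 0` is a case-sensitive prefix match on the raw `$url`, while the linebreak check directly after it inspects `urldecode($url)`. A comment should state which form of the URL the prefix test is meant to cover and what `generate_board_url(true)` returns, since the hunk does not show whether that prefix includes the board's script path or only scheme and host. Because the prefix ends in '/', a `$url` equal to the board URL with no trailing slash would also hit the error, so it is worth confirming that the code above this point always produces a path component.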
--- End Message ---
--- Begin Message ---
- To: 781276-done@bugs.debian.org
- Cc: 781284-done@bugs.debian.org, 782900-done@bugs.debian.org, 783256-done@bugs.debian.org, 783404-done@bugs.debian.org, 783488-done@bugs.debian.org, 783489-done@bugs.debian.org, 783526-done@bugs.debian.org, 783722-done@bugs.debian.org, 783750-done@bugs.debian.org, 783811-done@bugs.debian.org, 783884-done@bugs.debian.org, 783973-done@bugs.debian.org, 784101-done@bugs.debian.org, 784178-done@bugs.debian.org, 784342-done@bugs.debian.org, 784383-done@bugs.debian.org, 784644-done@bugs.debian.org, 784714-done@bugs.debian.org, 784800-done@bugs.debian.org, 784801-done@bugs.debian.org, 784815-done@bugs.debian.org, 784816-done@bugs.debian.org, 784905-done@bugs.debian.org, 784943-done@bugs.debian.org, 784946-done@bugs.debian.org, 784962-done@bugs.debian.org, 784963-done@bugs.debian.org, 784964-done@bugs.debian.org, 784998-done@bugs.debian.org, 785154-done@bugs.debian.org, 785184-done@bugs.debian.org, 785201-done@bugs.debian.org, 785240-done@bugs.debian.org, 785254-done@bugs.debian.org, 785298-done@bugs.debian.org, 785301-done@bugs.debian.org, 785386-done@bugs.debian.org, 785478-done@bugs.debian.org, 785510-done@bugs.debian.org, 785523-done@bugs.debian.org, 785713-done@bugs.debian.org, 785718-done@bugs.debian.org, 786388-done@bugs.debian.org, 786389-done@bugs.debian.org, 786431-done@bugs.debian.org, 786513-done@bugs.debian.org, 786647-done@bugs.debian.org, 786720-done@bugs.debian.org, 786744-done@bugs.debian.org, 786811-done@bugs.debian.org, 786812-done@bugs.debian.org, 786856-done@bugs.debian.org, 786860-done@bugs.debian.org, 786863-done@bugs.debian.org, 786870-done@bugs.debian.org, 786912-done@bugs.debian.org, 786918-done@bugs.debian.org, 786922-done@bugs.debian.org, 786924-done@bugs.debian.org, 786982-done@bugs.debian.org, 787008-done@bugs.debian.org, 787014-done@bugs.debian.org, 787255-done@bugs.debian.org, 787260-done@bugs.debian.org, 787626-done@bugs.debian.org, 787636-done@bugs.debian.org
- Subject: Fix released with 8.1 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 06 Jun 2015 13:11:11 +0100
- Message-id: <1433592671.2987.12.camel@adam-barratt.org.uk>
Version: 8.1

Hi,

The fix discussed in this bug was released to stable as part of the 8.1 point release earlier today.

Regards,

Adam
--- End Message ---