Your message dated Sat, 05 Sep 2015 14:33:54 +0100 with message-id <1441460034.2151.33.camel@adam-barratt.org.uk> and subject line Closing bugs for 7.9 has caused the Debian Bug report #785155, regarding wheezy-pu: package phpbb3/3.0.10-4+deb7u3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 785155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785155 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: wheezy-pu: package phpbb3/3.0.10-4+deb7u3
- From: David Prévot <taffit@debian.org>
- Date: Tue, 12 May 2015 16:13:09 -0400
- Message-id: <20150512201309.GA9328@mikado.tilapin.org>
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian.org@packages.debian.org Usertags: pu Hi, Please accept the fix for CVE-2015-3880 in Wheezy, tagged as <no-dsa> as agreed with the security team. The attached debdiff is pretty similar to the one for Jessie (phpbb3/3.0.12-5+deb8u1, #785154). Regards Daviddiff --git a/changelog b/changelog index 0856a51..e4048ab 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,11 @@ +phpbb3 (3.0.10-4+deb7u3) wheezy; urgency=medium + + * Fix possible redirection on Chrome: an insufficient check allowed users of + the Google Chrome browser to be redirected to external domains (e.g. on + login) [CVE-2015-3880] + + -- David Prévot <taffit@debian.org> Tue, 12 May 2015 16:02:09 -0400 + phpbb3 (3.0.10-4+deb7u2) wheezy; urgency=medium * Fix CSRF vulnerability [CVE-2015-1432] and CSS injection [CVE-2015-1431] diff --git a/patches/fix_CVE-2015-3880.patch b/patches/fix_CVE-2015-3880.patch new file mode 100644 index 0000000..bf789db --- /dev/null +++ b/patches/fix_CVE-2015-3880.patch @@ -0,0 +1,32 @@ +Description: Fix possible redirection on Chrome + An insufficient check allowed users of the Google Chrome browser to be + redirected to external domains (e.g. on login). + [CVE-2015-3880] +Author: Marc Alexander <admin@m-a-styles.de>, Joas Schilling <nickvergessen@gmx.de> +Origin: upstream, https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04 +Reviewed-by: Andreas Fischer <bantu@phpbb.com> +Last-Update: 2015-05-09 +--- a/includes/functions.php ++++ b/includes/functions.php +@@ -2426,7 +2426,7 @@ + // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) + if (!$disable_cd_check && $url_parts['host'] !== $user->host) + { +- $url = generate_board_url(); ++ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + } + } + else if ($url[0] == '/') +@@ -2513,6 +2513,12 @@ + } + } + ++ // Make sure we don't redirect to external URLs ++ if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) ++ { ++ trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); ++ } ++ + // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 + if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) + { diff --git a/patches/series b/patches/series index 42df55d..86f65b1 100644 --- a/patches/series +++ b/patches/series @@ -8,3 +8,4 @@ fix-php54.patch fix_chown.patch fix_CVE-2015-1431.patch fix_CVE-2015-1432.patch +fix_CVE-2015-3880.patchAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 725661-done@bugs.debian.org, 770955-done@bugs.debian.org, 773796-done@bugs.debian.org, 774773-done@bugs.debian.org, 774820-done@bugs.debian.org, 774850-done@bugs.debian.org, 774921-done@bugs.debian.org, 775380-done@bugs.debian.org, 775603-done@bugs.debian.org, 775664-done@bugs.debian.org, 775825-done@bugs.debian.org, 776095-done@bugs.debian.org, 776734-done@bugs.debian.org, 776781-done@bugs.debian.org, 776884-done@bugs.debian.org, 777046-done@bugs.debian.org, 777047-done@bugs.debian.org, 777372-done@bugs.debian.org, 777553-done@bugs.debian.org, 778622-done@bugs.debian.org, 779083-done@bugs.debian.org, 779622-done@bugs.debian.org, 779926-done@bugs.debian.org, 780191-done@bugs.debian.org, 780471-done@bugs.debian.org, 780798-done@bugs.debian.org, 780924-done@bugs.debian.org, 781281-done@bugs.debian.org, 781406-done@bugs.debian.org, 781542-done@bugs.debian.org, 781885-done@bugs.debian.org, 781965-done@bugs.debian.org, 782042-done@bugs.debian.org, 782165-done@bugs.debian.org, 782409-done@bugs.debian.org, 782600-done@bugs.debian.org, 782663-done@bugs.debian.org, 782848-done@bugs.debian.org, 783659-done@bugs.debian.org, 783749-done@bugs.debian.org, 784102-done@bugs.debian.org, 785155-done@bugs.debian.org, 785348-done@bugs.debian.org, 785735-done@bugs.debian.org, 786691-done@bugs.debian.org, 786830-done@bugs.debian.org, 786919-done@bugs.debian.org, 787076-done@bugs.debian.org, 787403-done@bugs.debian.org, 787933-done@bugs.debian.org, 787947-done@bugs.debian.org, 788064-done@bugs.debian.org, 788242-done@bugs.debian.org, 788558-done@bugs.debian.org, 788664-done@bugs.debian.org, 790692-done@bugs.debian.org, 790940-done@bugs.debian.org, 793028-done@bugs.debian.org, 794962-done@bugs.debian.org, 795166-done@bugs.debian.org, 795892-done@bugs.debian.org, 797079-done@bugs.debian.org, 797213-done@bugs.debian.org
- Subject: Closing bugs for 7.9
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 05 Sep 2015 14:33:54 +0100
- Message-id: <1441460034.2151.33.camel@adam-barratt.org.uk>
Version: 7.9 Hi, These bugs relate to updates which were included in the 7.9 point release. Regards, Adam
--- End Message ---