diff -Nru dolibarr-3.5.5+dfsg1/debian/changelog dolibarr-3.5.5+dfsg1/debian/changelog
--- dolibarr-3.5.5+dfsg1/debian/changelog 2014-12-07 15:52:53.000000000 +0100
+++ dolibarr-3.5.5+dfsg1/debian/changelog 2016-02-08 21:30:58.000000000 +0100
@@ -1,3 +1,11 @@
+dolibarr (3.5.5+dfsg1-1+deb8u1) UNRELEASED; urgency=high
+
+ * Fix CVE-2016-1912 (Closes: #812496)
+ * Fix CVE-2015-8685 (Closes: #812449)
+ * Fix CVE-2015-3935 (Closes: #787762)
+
+
dolibarr (3.5.5+dfsg1-1) unstable; urgency=medium
* New upstream release with 3.5.5
diff -Nru dolibarr-3.5.5+dfsg1/debian/patches/FIX-4291-GETPOSTs.patch dolibarr-3.5.5+dfsg1/debian/patches/FIX-4291-GETPOSTs.patch
--- dolibarr-3.5.5+dfsg1/debian/patches/FIX-4291-GETPOSTs.patch 1970-01-01 01:00:00.000000000 +0100
+++ dolibarr-3.5.5+dfsg1/debian/patches/FIX-4291-GETPOSTs.patch 2016-02-08 21:30:58.000000000 +0100
@@ -0,0 +1,35 @@
+diff --git a/htdocs/admin/agenda_extsites.php b/htdocs/admin/agenda_extsites.php
+index ac105cf..bf68c61 100644
+--- a/htdocs/admin/agenda_extsites.php
++++ b/htdocs/admin/agenda_extsites.php
+@@ -1,6 +1,7 @@
+ <?php
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -88,7 +89,7 @@
+ // Save nb of agenda
+ if (! $error)
+ {
+- $res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0,'',$conf->entity);
++ $res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','int')),'chaine',0,'',$conf->entity);
+ if (! $res > 0) $error++;
+ if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
+ $MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
+@@ -201,9 +202,9 @@
+ // Nb
+ print '<td width="180" class="nowrap">'.$langs->trans("AgendaExtNb",$key)."</td>";
+ // Name
+- print '<td><input type="text" class="flat hideifnotset" name="agenda_ext_name'.$key.'" value="'. (GETPOST('agenda_ext_name'.$key)?GETPOST('agenda_ext_name'.$key):$conf->global->$name) . '" size="28"></td>';
++ print '<td><input type="text" class="flat hideifnotset" name="agenda_ext_name'.$key.'" value="'. (GETPOST('agenda_ext_name'.$key)?GETPOST('agenda_ext_name'.$key, 'alpha'):$conf->global->$name) . '" size="28"></td>';
+ // URL
+- print '<td><input type="url" class="flat hideifnotset" name="agenda_ext_src'.$key.'" value="'. (GETPOST('agenda_ext_src'.$key)?GETPOST('agenda_ext_src'.$key):$conf->global->$src) . '" size="60"></td>';
++ print '<td><input type="url" class="flat hideifnotset" name="agenda_ext_src'.$key.'" value="'. (GETPOST('agenda_ext_src'.$key)?GETPOST('agenda_ext_src'.$key, 'alpha'):$conf->global->$src) . '" size="60"></td>';
+ // Color (Possible colors are limited by Google)
+ print '<td class="nowrap" align="right">';
+ //print $formadmin->selectColor($conf->global->$color, "google_agenda_color".$key, $colorlist);
diff -Nru dolibarr-3.5.5+dfsg1/debian/patches/Fix-787762-CVE20153935.patch dolibarr-3.5.5+dfsg1/debian/patches/Fix-787762-CVE20153935.patch
--- dolibarr-3.5.5+dfsg1/debian/patches/Fix-787762-CVE20153935.patch 1970-01-01 01:00:00.000000000 +0100
+++ dolibarr-3.5.5+dfsg1/debian/patches/Fix-787762-CVE20153935.patch 2016-02-08 21:30:58.000000000 +0100
@@ -0,0 +1,22 @@
+diff --git a/debian/changelog b/debian/changelog
+index 7d3e2e1..09dd3e0 100644
+--- a/htdocs/societe/societe.php
++++ b/htdocs/societe/societe.php
+@@ -272,7 +272,7 @@
+ $num = $db->num_rows($resql);
+ $i = 0;
+
+- $params = "&socname=".$socname."&search_nom=".$search_nom."&search_town=".$search_town;
++ $params = "&socname=".urlencode($socname)."&search_nom=".urlencode($search_nom)."&search_town=".urlencode($search_town);
+ $params.= ($sbarcode?"&sbarcode=".$sbarcode:"");
+ $params.= '&search_idprof1='.$search_idprof1;
+ $params.= '&search_idprof2='.$search_idprof2;
+@@ -348,7 +348,7 @@
+ print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
+ print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
+ if (! empty($search_nom_only) && empty($search_nom)) $search_nom=$search_nom_only;
+- print '<input class="flat" type="text" name="search_nom" value="'.$search_nom.'">';
++ print '<input class="flat" type="text" name="search_nom" value="'.dol_escape_htmltag($search_nom).'">';
+ print '</td>';
+ // Barcode
+ if (! empty($conf->barcode->enabled))
diff -Nru dolibarr-3.5.5+dfsg1/debian/patches/FIX-CVE-CVE20158685-CVE-2016-1912.patch dolibarr-3.5.5+dfsg1/debian/patches/FIX-CVE-CVE20158685-CVE-2016-1912.patch
--- dolibarr-3.5.5+dfsg1/debian/patches/FIX-CVE-CVE20158685-CVE-2016-1912.patch 1970-01-01 01:00:00.000000000 +0100
+++ dolibarr-3.5.5+dfsg1/debian/patches/FIX-CVE-CVE20158685-CVE-2016-1912.patch 2016-02-08 21:30:58.000000000 +0100
@@ -0,0 +1,37 @@
+diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
+index 7fba7f5..90eac77 100644
+--- a/htdocs/main.inc.php
++++ b/htdocs/main.inc.php
+@@ -80,13 +80,15 @@
+ // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
+ if ($type != 2)
+ {
+- $sql_inj += preg_match('/delete[\s]+from/i', $val);
+- $sql_inj += preg_match('/create[\s]+table/i', $val);
+- $sql_inj += preg_match('/update.+set.+=/i', $val);
+- $sql_inj += preg_match('/insert[\s]+into/i', $val);
+- $sql_inj += preg_match('/select.+from/i', $val);
+- $sql_inj += preg_match('/union.+select/i', $val);
+- $sql_inj += preg_match('/(\.\.%2f)+/i', $val);
++ $sql_inj += preg_match('/delete\s+from/i', $val);
++ $sql_inj += preg_match('/create\s+table/i', $val);
++ $sql_inj += preg_match('/update.+set.+=/i', $val);
++ $sql_inj += preg_match('/insert\s+into/i', $val);
++ $sql_inj += preg_match('/select.+from/i', $val);
++ $sql_inj += preg_match('/union.+select/i', $val);
++ $sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
++ $sql_inj += preg_match('/(\.\.%2f)+/i', $val);
++ $sql_inj += preg_match('/_onerror_=/i', $val);
+ }
+ // For XSS Injection done by adding _javascript_ with script
+ // This is all cases a browser consider text is _javascript_:
+@@ -94,7 +96,8 @@
+ $sql_inj += preg_match('/<script/i', $val);
+ if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
+- $sql_inj += preg_match('/base[\s]+href/i', $val);
++ $sql_inj += preg_match('/base[\s]+href/si', $val);
++ $sql_inj += preg_match('/<.*onmouse/si', $val); // onmouseover can be set on img or any html tag like <img title='>' _onmouseover_=alert(1)>
+ if ($type == 1)
+ {
+ $sql_inj += preg_match('/_javascript_:/i', $val);
diff -Nru dolibarr-3.5.5+dfsg1/debian/patches/series dolibarr-3.5.5+dfsg1/debian/patches/series
--- dolibarr-3.5.5+dfsg1/debian/patches/series 2014-12-07 15:52:53.000000000 +0100
+++ dolibarr-3.5.5+dfsg1/debian/patches/series 2016-02-08 21:30:58.000000000 +0100
@@ -1 +1,4 @@
use-etc-dolibarr-conf.patch
+Fix-787762-CVE20153935.patch
+FIX-CVE-CVE20158685-CVE-2016-1912.patch
+FIX-4291-GETPOSTs.patch
\ Pas de fin de ligne à la fin du fichier