--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package php-horde-gollem/3.0.12-3+deb10u1
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Sun, 31 May 2020 17:04:12 +0200
- Message-id: <159093745203.1114.12107587841540820956.reportbug@minobo.das-netzwerkteam.de>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Dear release team,
I just uploaded an update for php-horde-gollem, fixing CVE-2020-8034.
+ * debian/patches:
+ + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
+ (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).
+
Greets,
Mike
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru php-horde-gollem-3.0.12/debian/changelog php-horde-gollem-3.0.12/debian/changelog
--- php-horde-gollem-3.0.12/debian/changelog 2018-05-15 15:16:48.000000000 +0200
+++ php-horde-gollem-3.0.12/debian/changelog 2020-05-31 16:20:16.000000000 +0200
@@ -1,3 +1,11 @@
+php-horde-gollem (3.0.12-3+deb10u1) buster-security; urgency=medium
+
+ * debian/patches:
+ + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
+ (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).
+
+ -- Mike Gabriel <sunweaver@debian.org> Sun, 31 May 2020 16:20:16 +0200
+
php-horde-gollem (3.0.12-3) unstable; urgency=medium
* Update Standards-Version to 4.1.4, no change
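Review bot: the new stanza targets `buster-security`, but the subject line and `Usertags: pu` say this goes through the release team as a buster-pu (proposed-updates) upload; for that route the distribution in the changelog should be `buster`, with the `+deb10u1` version as already used here. Keeping the `(Closes: #961649, CVE-2020-8034)` reference is good; adding the upstream commit id (a73bef1aef27d4cbfc7b939c2a81dea69aabb083, as shown in the patch header) to the entry would make the origin of the fix easier to trace from the changelog alone.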
diff -Nru php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch
--- php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch 1970-01-01 01:00:00.000000000 +0100
+++ php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch 2020-05-31 16:19:48.000000000 +0200
@@ -0,0 +1,44 @@
+From a73bef1aef27d4cbfc7b939c2a81dea69aabb083 Mon Sep 17 00:00:00 2001
+From: Jan Schneider <jan@horde.org>
+Date: Wed, 4 Mar 2020 18:54:06 +0100
+Subject: [PATCH] [jan] SECURITY: Fix XSS vulnerability in breadcrumb output
+ (Reported by: polict of Shielder, CVE-2020-8034).
+
+---
+ doc/changelog.yml | 3 ++-
+ lib/Gollem.php | 5 +++--
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+#diff --git a/doc/changelog.yml b/doc/changelog.yml
+#index dbad6ef..3e429bd 100644
+#--- a/doc/changelog.yml
+#+++ b/doc/changelog.yml
+#@@ -18,7 +18,8 @@
+# license:
+# identifier: GPL-2.0
+# uri: http://www.horde.org/licenses/gpl
+#- notes:
+#+ notes: |
+#+ [jan] SECURITY: Fix XSS vulnerability in breadcrumb output (Reported by: polict of Shielder, CVE-2020-8034).
+# 3.0.12:
+# api: 3.0.0
+# state:
+diff --git a/gollem-3.0.12/lib/Gollem.php b/gollem-3.0.12/lib/Gollem.php
+index 9a4a7cd..ec255e7 100644
+--- a/gollem-3.0.12/lib/Gollem.php
++++ b/gollem-3.0.12/lib/Gollem.php
+@@ -692,10 +692,11 @@ public static function directoryNavLink($currdir, $url)
+ $dir = implode('/', $part);
+ if ((strstr($dir, self::$backend['root']) !== false) &&
+ (self::$backend['root'] != $dir)) {
++ $part = htmlspecialchars($parts[($i - 1)]);
+ if ($i == $parts_count) {
+- $label[] = $parts[($i - 1)];
++ $label[] = $part;
+ } else {
+- $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . htmlspecialchars($parts[($i - 1)]) . '</a>';
++ $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . $part . '</a>';
+ }
+ }
+ }
+
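Review bot: the escaping logic is correct as far as the visible lines show: before the change only the non-final branch wrapped `$parts[($i - 1)]` in `htmlspecialchars()`, while the final breadcrumb segment (`$i == $parts_count`) was appended to `$label` raw, and the patch now escapes the segment once and uses the escaped value in both branches. One style point: `$part` is reused for the escaped string even though the same name holds the array that `$dir = implode('/', $part);` consumes a few lines earlier, so a distinct name (for example `$escaped`) would make the loop easier to read if the patch is ever refreshed. On the packaging side, the `git format-patch` header is acceptable DEP-3, but a `Bug-Debian: https://bugs.debian.org/961649` line and an `Origin:` pointing at the upstream commit would help future maintainers, and the `#`-commented copy of the `doc/changelog.yml` hunk at the top could be dropped to keep the patch to the functional change only.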
diff -Nru php-horde-gollem-3.0.12/debian/patches/series php-horde-gollem-3.0.12/debian/patches/series
--- php-horde-gollem-3.0.12/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ php-horde-gollem-3.0.12/debian/patches/series 2020-05-31 16:19:48.000000000 +0200
@@ -0,0 +1 @@
+CVE-2020-8034.patch
--- End Message ---