[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#961921: marked as done (buster-pu: package php-horde-gollem/3.0.12-3+deb10u1)

Your message dated Sat, 01 Aug 2020 12:51:28 +0100
with message-id <43535efb498a168cf81452ca0c326f004f46adc6.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 10.5 point release
has caused the Debian Bug report #961921,
regarding buster-pu: package php-horde-gollem/3.0.12-3+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
961921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961921
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

I just uploaded an update for php-horde-gollem, fixing CVE-2020-8034.

+  * debian/patches:
+    + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
+      (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).
+

Greets,
Mike

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-8-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru php-horde-gollem-3.0.12/debian/changelog php-horde-gollem-3.0.12/debian/changelog
--- php-horde-gollem-3.0.12/debian/changelog	2018-05-15 15:16:48.000000000 +0200
+++ php-horde-gollem-3.0.12/debian/changelog	2020-05-31 16:20:16.000000000 +0200
@@ -1,3 +1,11 @@
+php-horde-gollem (3.0.12-3+deb10u1) buster-security; urgency=medium
+
+  * debian/patches:
+    + Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
+      (Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sun, 31 May 2020 16:20:16 +0200
+
 php-horde-gollem (3.0.12-3) unstable; urgency=medium
 
   * Update Standards-Version to 4.1.4, no change
diff -Nru php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch
--- php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch	1970-01-01 01:00:00.000000000 +0100
+++ php-horde-gollem-3.0.12/debian/patches/CVE-2020-8034.patch	2020-05-31 16:19:48.000000000 +0200
@@ -0,0 +1,44 @@
+From a73bef1aef27d4cbfc7b939c2a81dea69aabb083 Mon Sep 17 00:00:00 2001
+From: Jan Schneider <jan@horde.org>
+Date: Wed, 4 Mar 2020 18:54:06 +0100
+Subject: [PATCH] [jan] SECURITY: Fix XSS vulnerability in breadcrumb output
+ (Reported by: polict of Shielder, CVE-2020-8034).
+
+---
+ doc/changelog.yml | 3 ++-
+ lib/Gollem.php    | 5 +++--
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+#diff --git a/doc/changelog.yml b/doc/changelog.yml
+#index dbad6ef..3e429bd 100644
+#--- a/doc/changelog.yml
+#+++ b/doc/changelog.yml
+#@@ -18,7 +18,8 @@
+#   license:
+#     identifier: GPL-2.0
+#     uri: http://www.horde.org/licenses/gpl
+#-  notes:
+#+  notes: |
+#+    [jan] SECURITY: Fix XSS vulnerability in breadcrumb output (Reported by: polict of Shielder, CVE-2020-8034).
+# 3.0.12:
+#   api: 3.0.0
+#   state:
+diff --git a/gollem-3.0.12/lib/Gollem.php b/gollem-3.0.12/lib/Gollem.php
+index 9a4a7cd..ec255e7 100644
+--- a/gollem-3.0.12/lib/Gollem.php
++++ b/gollem-3.0.12/lib/Gollem.php
+@@ -692,10 +692,11 @@ public static function directoryNavLink($currdir, $url)
+                 $dir = implode('/', $part);
+                 if ((strstr($dir, self::$backend['root']) !== false) &&
+                     (self::$backend['root'] != $dir)) {
++                    $part = htmlspecialchars($parts[($i - 1)]);
+                     if ($i == $parts_count) {
+-                        $label[] = $parts[($i - 1)];
++                        $label[] = $part;
+                     } else {
+-                        $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . htmlspecialchars($parts[($i - 1)]) . '</a>';
++                        $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . $part . '</a>';
+                     }
+                 }
+             }
+
diff -Nru php-horde-gollem-3.0.12/debian/patches/series php-horde-gollem-3.0.12/debian/patches/series
--- php-horde-gollem-3.0.12/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ php-horde-gollem-3.0.12/debian/patches/series	2020-05-31 16:19:48.000000000 +0200
@@ -0,0 +1 @@
+CVE-2020-8034.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.5

Hi,

Each of these bugs relates to an update that was included in today's
stable point release.

Regards,

Adam

--- End Message ---
Reply to: