
Bug#1007947: bullseye-pu: package phpliteadmin/1.9.8.2-1+deb11u1



Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Stable Release Managers,

Salvatore Bonaccorso on the Security Team suggested that I fix a revealed
XSS vulnerability through the upcoming point release. The issue has been
assigned the number CVE-2021-46709. The proposed fix is a trivial one-liner
patch casting $_GET['newRows'] to (int).


[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 phpliteadmin (1.9.8.2-1+deb11u1) bullseye; urgency=medium
 .
   * Fix CVE-2021-46709, an XSS issue with the newRows GET parameter.

diffstat for phpliteadmin-1.9.8.2 phpliteadmin-1.9.8.2

 changelog                     |    6 ++++++
 patches/Fix-newRows-XSS.patch |   18 ++++++++++++++++++
 patches/series                |    1 +
 3 files changed, 25 insertions(+)

diff -Nru phpliteadmin-1.9.8.2/debian/changelog phpliteadmin-1.9.8.2/debian/changelog
--- phpliteadmin-1.9.8.2/debian/changelog	2019-09-18 18:20:28.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/changelog	2022-03-19 09:25:56.000000000 +0300
@@ -1,3 +1,9 @@
+phpliteadmin (1.9.8.2-1+deb11u1) bullseye; urgency=medium
+
+  * Fix CVE-2021-46709, an XSS issue with the newRows GET parameter.
+
+ -- Nicholas Guriev <guriev-ns@ya.ru>  Sat, 19 Mar 2022 09:25:56 +0300
+
 phpliteadmin (1.9.8.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch
--- phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch	1970-01-01 03:00:00.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/patches/Fix-newRows-XSS.patch	2022-03-19 09:21:01.000000000 +0300
@@ -0,0 +1,18 @@
+Description: Fix an XSS vulnerability with the newRows GET parameter
+ Forcibly cast value to integer. CVE-2021-46709
+Bug: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability
+Forwarded: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows
+Author: Nicholas Guriev <guriev-ns@ya.ru>
+Last-Update: Sat, 19 Mar 2022 09:21:01 +0300
+
+--- a/index.php
++++ b/index.php
+@@ -2613,7 +2613,7 @@ if(isset($_GET['action']) && !isset($_GE
+ 			echo $params->getForm(array('action'=>'row_create','confirm'=>'1'), 'post', true);
+ 			$tableInfo = $db->getTableInfo($target_table);
+ 			if(isset($_GET['newRows']))
+-				$num = $_GET['newRows'];
++				$num = (int)$_GET['newRows'];
+ 			else
+ 				$num = 1;
+ 			echo "<input type='hidden' name='newRows' value='".$num."'/>";
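Review bot: the `(int)` cast does close the attribute breakout, because the value concatenated into `echo "<input type='hidden' name='newRows' value='".$num."'/>";` can now only be digits with an optional leading minus sign, but it also changes the fallback behaviour: a non-numeric value now becomes `0` and a negative one stays negative, whereas the `else` branch still defaults to `1`. Consider `$num = max(1, (int)$_GET['newRows']);` so garbage input degrades to the same default as an absent parameter. The DEP-3 header (Bug, Forwarded, Author, Last-Update) is complete.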
diff -Nru phpliteadmin-1.9.8.2/debian/patches/series phpliteadmin-1.9.8.2/debian/patches/series
--- phpliteadmin-1.9.8.2/debian/patches/series	2019-09-18 18:20:28.000000000 +0300
+++ phpliteadmin-1.9.8.2/debian/patches/series	2022-03-19 09:21:01.000000000 +0300
@@ -1,2 +1,3 @@
 Remove-spontaneous-access-to-Internet.patch
 Remove-using-build-date.patch
+Fix-newRows-XSS.patch

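As an added illustration of the fix described above (not code from the debdiff or from phpliteadmin itself), here is the hidden-input rendering before and after the cast, with a check a reviewer could run over both outputs; the function names and sample query values are constructed for this example.

```php
<?php
// Added example, not part of the debdiff or of phpliteadmin: reproduces the
// index.php line that emits the hidden newRows input, before and after the
// (int) cast from Fix-newRows-XSS.patch. Names and inputs are constructed.

/** Behaviour before the patch: the raw query value is spliced into HTML. */
function renderNewRowsBefore(array $get): string
{
    $num = isset($get['newRows']) ? $get['newRows'] : 1;
    return "<input type='hidden' name='newRows' value='" . $num . "'/>";
}

/** Behaviour after the patch: the value is forced to an integer first. */
function renderNewRowsAfter(array $get): string
{
    $num = isset($get['newRows']) ? (int)$get['newRows'] : 1;
    return "<input type='hidden' name='newRows' value='" . $num . "'/>";
}

/** Reviewer's check: the value attribute must hold exactly one integer. */
function isSafeNewRowsInput(string $html): bool
{
    return (bool)preg_match(
        "~^<input type='hidden' name='newRows' value='-?\\d+'/>$~", $html);
}

// Constructed sample requests: a benign count, a value carrying HTML
// attribute metacharacters (the class of input behind CVE-2021-46709),
// and a request without the parameter (default of 1).
$samples = [
    ['newRows' => '3'],
    ['newRows' => "1'\"<>&"],
    [],
];

foreach ($samples as $get) {
    $before = renderNewRowsBefore($get);
    $after  = renderNewRowsAfter($get);
    printf("before: %-52s safe=%s\n", $before,
        isSafeNewRowsInput($before) ? 'yes' : 'NO');
    printf("after:  %-52s safe=%s\n", $after,
        isSafeNewRowsInput($after) ? 'yes' : 'NO');
}
```

The second sample fails the check before the patch (the quote ends the attribute early) and passes after it, since `(int)"1'\"<>&"` yields `1`.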