Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu
Please consider the attached debdiff for an oldstable update.
Changes:
libhtml-scrubber-perl (0.09-1+deb7u1) wheezy; urgency=medium
.
* [SECURITY] CVE-2015-5667: Backport upstream patch fixing
a cross-site scripting vulnerability in comments.
(Closes: #803943)
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libhtml-scrubber-perl-0.09/debian/changelog libhtml-scrubber-perl-0.09/debian/changelog
--- libhtml-scrubber-perl-0.09/debian/changelog 2011-04-18 18:55:23.000000000 +0300
+++ libhtml-scrubber-perl-0.09/debian/changelog 2015-11-15 22:58:37.000000000 +0200
@@ -1,3 +1,11 @@
+libhtml-scrubber-perl (0.09-1+deb7u1) wheezy; urgency=medium
+
+ * [SECURITY] CVE-2015-5667: Backport upstream patch fixing
+ a cross-site scripting vulnerability in comments.
+ (Closes: #803943)
+
+ -- Niko Tyni <nt...@debian.org> Sun, 15 Nov 2015 21:07:33 +0200
+
libhtml-scrubber-perl (0.09-1) unstable; urgency=low
[ gregor herrmann ]
diff -Nru libhtml-scrubber-perl-0.09/debian/patches/0001-Test-and-fix-for-JVN53973084.patch libhtml-scrubber-perl-0.09/debian/patches/0001-Test-and-fix-for-JVN53973084.patch
--- libhtml-scrubber-perl-0.09/debian/patches/0001-Test-and-fix-for-JVN53973084.patch 1970-01-01 02:00:00.000000000 +0200
+++ libhtml-scrubber-perl-0.09/debian/patches/0001-Test-and-fix-for-JVN53973084.patch 2015-11-15 22:58:37.000000000 +0200
@@ -0,0 +1,65 @@
+From 3f871371cf40baf37981bc829036d4a444e20124 Mon Sep 17 00:00:00 2001
+From: Nigel Metheringham <nig...@cpan.org>
+Date: Sat, 10 Oct 2015 15:01:14 +0100
+Subject: [PATCH] Test and fix for JVN53973084
+
+Malformed tags can pass through as comments.
+Thus comments are now only passed through if
+they are well formed - currently defined as
+matching a regular expression.
+
+Origin: backport, https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
+Bug-Debian: https://bugs.debian.org/803943
+---
+ lib/HTML/Scrubber.pm | 6 +++++-
+ t/jvn53973084.t | 21 +++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+ create mode 100644 t/jvn53973084.t
+
+diff --git a/lib/HTML/Scrubber.pm b/lib/HTML/Scrubber.pm
+index e8ee4ba..e7c1d42 100644
+--- a/lib/HTML/Scrubber.pm
++++ b/lib/HTML/Scrubber.pm
+@@ -277,7 +277,11 @@ sub _scrub_str {
+ }
+ }
+ elsif ( $e eq 'comment' ) {
+- $outstr .= $text if $s->{_comment};
++ if ( $s->{_comment} ) {
++
++ # only copy comments through if they are well formed...
++ $outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );
++ }
+ }
+ elsif ( $e eq 'process' ) {
+ $outstr .= $text if $s->{_process};
+diff --git a/t/jvn53973084.t b/t/jvn53973084.t
+new file mode 100644
+index 0000000..7767609
+--- /dev/null
++++ b/t/jvn53973084.t
+@@ -0,0 +1,21 @@
++# Tests related to JVN53973084
++
++use strict;
++use warnings;
++use Test::More;
++
++use_ok('HTML::Scrubber');
++
++my @allow = qw[
++ hr
++];
++
++my $html_1 = q[<hr><a href="javascript:alert(1)"<hr>abc];
++my $html_2 = q[<img src="javascript:alert(1)"];
++foreach my $comment_value ( 0, 1 ) {
++ my $scrubber = HTML::Scrubber->new( allow => \@allow, comment => $comment_value );
++ is( $scrubber->scrub($html_1), '<hr>abc', "correct result (1) - with comment => $comment_value" );
++ is( $scrubber->scrub($html_2), '', "correct result (2) - with comment => $comment_value" );
++}
++
++done_testing;
+--
+2.6.2
+
diff -Nru libhtml-scrubber-perl-0.09/debian/patches/series libhtml-scrubber-perl-0.09/debian/patches/series
--- libhtml-scrubber-perl-0.09/debian/patches/series 1970-01-01 02:00:00.000000000 +0200
+++ libhtml-scrubber-perl-0.09/debian/patches/series 2015-11-15 21:11:47.000000000 +0200
@@ -0,0 +1 @@
+0001-Test-and-fix-for-JVN53973084.patch
