tags 377299 +patch
thanks

Hello,

> CVE-2006-3320: "Cross-site scripting (XSS) vulnerability in command.php
> in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary
> web script or HTML via the command parameter."

I've already fixed this by NMU in unstable. I've also prepared an
updated package for stable; the question is whether the security team wants to
release an advisory for this and whether this package is ok. See attachment.

Let me know; if it's ok I'll upload it to stable-security.


Attached are the diffs for the sid NMU and the proposed sarge NMU.


Thanks.
Thijs
diff -u sitebar-3.2.6/debian/changelog sitebar-3.2.6/debian/changelog
--- sitebar-3.2.6/debian/changelog
+++ sitebar-3.2.6/debian/changelog
@@ -1,3 +1,11 @@
+sitebar (3.2.6-7.1) unstable; urgency=low
+
+  * Non-maintainer upload for security bug fix.
+  * Properly encode the 'command' parameter of command.php
+    (CVE-2006-3320, Closes: #377299).
+
+ -- Thijs Kinkhorst <[EMAIL PROTECTED]>  Fri, 28 Jul 2006 14:42:47 +0200
+
 sitebar (3.2.6-7) unstable; urgency=low
 
   * Updated maintainer field to reference my shiny new debian.org address
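Review bot: the distribution field of the new entry reads `unstable`, while the covering mail presents this 3.2.6 diff as the proposed sarge NMU to be uploaded to stable-security; a stable security upload needs the changelog to target the stable security suite, not unstable, and by Debian convention the version would carry a `sarge` suffix (for example `3.2.6-7sarge1`) rather than the `-7.1` NMU form used for unstable, so that it is recognisable as a stable update.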
only in patch2:
unchanged:
--- sitebar-3.2.6.orig/command.php
+++ sitebar-3.2.6/command.php
@@ -3814,7 +3814,7 @@
 
 ?>
 
-<div id="<?php echo ($cw->hasErrors()?$errId:'command').'Head'?>"><?php echo T($cw->command)?></div>
+<div id="<?php echo ($cw->hasErrors()?$errId:'command').'Head'?>"><?php echo htmlspecialchars(T($cw->command))?></div>
 <div id="<?php echo ($cw->hasErrors()?$errId:'command').'Body'?>">
 <?php
     if ($cw->hasErrors())
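Review bot: `htmlspecialchars()` is called with its default arguments, so single quotes stay unescaped and the charset defaults to ISO-8859-1; that is adequate here because the value is emitted as element text rather than inside an attribute, but if SiteBar serves UTF-8 pages it is safer to pass the quote style and charset explicitly, e.g. `htmlspecialchars(T($cw->command), ENT_QUOTES, 'UTF-8')`. Escaping happens after `T()` has run, so check that no translation string for a command name relies on containing markup, since it would now be rendered literally; also confirm that the error branch starting at `if ($cw->hasErrors())` just below does not print the raw `command` value a second time.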
diff -u sitebar-3.3.8/debian/changelog sitebar-3.3.8/debian/changelog
--- sitebar-3.3.8/debian/changelog
+++ sitebar-3.3.8/debian/changelog
@@ -1,3 +1,11 @@
+sitebar (3.3.8-1.1) unstable; urgency=high
+
+  * High urgency upload for RC security bug fix.
+  * Properly encode the 'command' parameter of command.php
+    (CVE-2006-3320, Closes: #377299).
+
+ -- Thijs Kinkhorst <[EMAIL PROTECTED]>  Fri, 28 Jul 2006 14:29:31 +0200
+
 sitebar (3.3.8-1) unstable; urgency=low
 
   * New upstream release and new maintainer (Closes: #358893)
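Review bot: the first bullet says "High urgency upload for RC security bug fix" but does not state that this is a non-maintainer upload, whereas the 3.2.6 entry in the other diff spells out "Non-maintainer upload"; say so here as well, so the maintainer's bug mail and the changelog record make clear who uploaded what.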
only in patch2:
unchanged:
--- sitebar-3.3.8.orig/command.php
+++ sitebar-3.3.8/command.php
@@ -5809,7 +5809,7 @@
 ?>
 <div id="<?php echo ($cw->hasErrors()?$errId:'command').'Head'?>" class="cmnTitle">
 <div id="help" onclick="SB_openHelp('<?php echo $onlineHelp ?>')">?</div>
-<div id="command"><?php echo SB_T($cw->command)?></div>
+<div id="command"><?php echo htmlspecialchars(SB_T($cw->command))?></div>
 </div>
 <div id="<?php echo ($cw->hasErrors()?$errId:'command').'Body'?>">
 <?php
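Review bot: this hunk escapes the single `echo SB_T($cw->command)` at the one output site shown, which is the right fix for the reported injection point, but the hunk's context also shows `$onlineHelp` being interpolated unescaped into a JavaScript string in the `onclick` attribute two lines above; it is worth confirming that `$onlineHelp` is a constant and not derived from request input, and grepping command.php for any other place the `command` parameter is printed, since CVE-2006-3320 is only closed if every output path is covered. The 3.2.6 hunk makes the identical one-line change, so whatever you find should be mirrored there.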
