Here's a debdiff to fix this issue. I can upload this to stable-security if it is okay for you guys.
I had to fiddle a bit with the patch to make it fit with 2.3, but I think it will work. I'm not sure it is *complete*, however: the way 2.3 treats some arguments is different from 2.6, so it may have more vulnerabilities that could be discovered with a more thorough audit. Also note that I cannot actually test this patch as I do not run the 2.3 release in production - too old! Besides, the wheezy package runs fine in squeeze, I don't even need to backport... A.
diff -u smokeping-2.3.6/debian/changelog smokeping-2.3.6/debian/changelog
--- smokeping-2.3.6/debian/changelog
+++ smokeping-2.3.6/debian/changelog
@@ -1,3 +1,9 @@
+smokeping (2.3.6-5+squeeze1) stable-security; urgency=high
+
+ * Security upgrade to fix CVE-2012-0790 (Closes: #659899)
+
+ -- Antoine Beaupré <anar...@debian.org> Tue, 14 Feb 2012 14:02:49 -0500
+
 smokeping (2.3.6-5) unstable; urgency=medium
 
 * debian/patches/20_html-parser.dpatch: fix an incompatibility with
diff -u smokeping-2.3.6/debian/patches/00list smokeping-2.3.6/debian/patches/00list
--- smokeping-2.3.6/debian/patches/00list
+++ smokeping-2.3.6/debian/patches/00list
@@ -3,0 +4 @@
+30_cve-2012-0790.dpatch
only in patch2:
unchanged:
--- smokeping-2.3.6.orig/debian/patches/30_cve-2012-0790.dpatch
+++ smokeping-2.3.6/debian/patches/30_cve-2012-0790.dpatch
@@ -0,0 +1,73 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## cve-2012-0790.dpatch by Vincent Danen, ported to 2.3 by Antoine Beaupré
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2012-0790
+
+@DPATCH@
+diff --git a/lib/Smokeping.pm b/lib/Smokeping.pm
+index d29a547..b74c3fc 100644
+--- a/lib/Smokeping.pm
++++ b/lib/Smokeping.pm
+@@ -134,8 +134,10 @@ sub cgiurl {
+ sub hierarchy ($){
+ my $q = shift;
+ my $hierarchy = '';
++ my $h = $q->param('hierarchy');
+ if ($q->param('hierarchy')){
+- $hierarchy = 'hierarchy='.$q->param('hierarchy').';';
++ $h =~ s/[<>&%]/./g;
++ $hierarchy = 'hierarchy='.$h.';';
+ };
+ return $hierarchy;
+ }
+@@ -176,6 +178,7 @@ sub update_dynaddr ($$){
+ my $address = $ENV{REMOTE_ADDR};
+ my $targetptr = $cfg->{Targets};
+ foreach my $step (@target){
++ $step =~ s/[<>&%]/./g;
+ return "Error: Unknown target $step"
+ unless defined $targetptr->{$step};
+ $targetptr = $targetptr->{$step};
+@@ -979,6 +982,7 @@ sub get_detail ($$$$;$){
+ my $open = shift;
+ my $mode = shift || $q->param('displaymode') || 's';
+ 
++ $mode =~ s/[<>&%]/./g;
+ my $phys_tree = $tree;
+ my $phys_open = $open;
+ if ($tree->{__tree_link}){
+@@ -1376,13 +1380,15 @@ sub get_detail ($$$$;$){
+ } elsif ($mode eq 's') { # classic mode
+ $startstr =~ s/\s/%20/g;
+ $endstr =~ s/\s/%20/g;
++ my $t = $q->param('target');
++ $t =~ s/[<>&%]/./g;
+ for my $slave (@slaves){
+ my $s = $slave ? "~$slave" : "";
+ $page .= "<div>";
+ # $page .= (time-$timer_start)."<br/>";
+ # $page .= join " ",map {"'$_'"} @task;
+ $page .= "<br/>";
+- $page .= ( qq{<a href="}.cgiurl($q,$cfg)."?".hierarchy($q).qq{displaymode=n;start=$startstr;end=now;}."target=".$q->param('target').$s.'">'
++ $page .= ( qq{<a href="}.cgiurl($q,$cfg)."?".hierarchy($q).qq{displaymode=n;start=$startstr;end=now;}."target=".$t.$s.'">'
+ . qq{<IMG BORDER="0" SRC="${imghref}${s}_${end}_${start}.png">}."</a>" ); #"
+ $page .= "</div>";
+ }
+@@ -1525,8 +1531,15 @@ sub hierarchy_switcher($$){
+ sub display_webpage($$){
+ my $cfg = shift;
+ my $q = shift;
+- my ($path,$slave) = split(/~/,$q->param('target') || '');
++ my $targ = '';
++ my $t = $q->param('target');
++ if ( $t and $t !~ /\.\./ and $t =~ /(\S+)/){
++ $targ = $1;
++ $targ =~ s/[<>;%]/./g;
++ }
++ my ($path,$slave) = split(/~/,$targ);
+ my $hierarchy = $q->param('hierarchy');
++ $hierarchy =~ s/[<>;%]/./g;
+ die "ERROR: unknown hierarchy $hierarchy\n"
+ if $hierarchy and not $cfg->{Presentation}{hierarchies}{$hierarchy};
+ my $open = [ (split /\./,$path||'') ];
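Review bot: The blacklist `s/[<>&%]/./g` applied to `$t` in the `$mode eq 's'` branch of get_detail leaves `"` and `'` untouched, yet `$t` is interpolated straight into `href="…"`, so a quote in the `target` parameter can still terminate the attribute; the same class recurs in hierarchy, update_dynaddr and the `$mode` line, while display_webpage uses a different one (`[<>;%]`, dropping `&`), which reads as an oversight rather than a deliberate distinction. Since `split(/~/,$targ)` and `split /\./,$path` show a target is dot-joined names with an optional `~slave` suffix, a whitelist such as `$t =~ s/[^\w.~]/./g;` (to be confirmed against the characters the config parser allows in section names) or escaping at the output point would be more robust than enumerating bad characters. Separately, `$hierarchy =~ s/[<>;%]/./g;` in display_webpage and `$t =~ s/[<>&%]/./g;` in get_detail run on an undefined value whenever the parameter is absent, a case the `if $hierarchy and …` on the next line shows is expected, so they will emit uninitialized-value warnings if the module runs under `use warnings`; guard them as hierarchy does, e.g. `$hierarchy =~ s/[<>;%]/./g if defined $hierarchy;`. Also, the unanchored `$t =~ /(\S+)/` silently truncates the value at the first whitespace instead of rejecting it; `\A(\S+)\z` would make the intent explicit. get_detail begins before its two hunks, and display_webpage continues past the end of the patch.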
-- O gentilshommes, la vie est courte. Si nous vivons, nous vivons pour marcher sur la tête des rois. - William Shakespeare