Hi,
uploading a 0-day NMU to fix this as this fix is fairly 
important and the package is currently on RFA status.
debdiff attached and backed up online:
http://people.debian.org/~nion/nmu-diff/egroupware-1.4.002.dfsg-2_1.4.002.dfsg-2.1.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u egroupware-1.4.002.dfsg/debian/changelog egroupware-1.4.002.dfsg/debian/changelog
--- egroupware-1.4.002.dfsg/debian/changelog
+++ egroupware-1.4.002.dfsg/debian/changelog
@@ -1,3 +1,11 @@
+egroupware (1.4.002.dfsg-2.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix multiple security issues in kses _bad_protocol_once function. Details
+    are under embargo for now (01-kses-security.dpatch; Closes: #471839).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Sat, 22 Mar 2008 16:26:39 +0100
+
 egroupware (1.4.002.dfsg-2) unstable; urgency=low
 
   * Upload to unstable
diff -u egroupware-1.4.002.dfsg/debian/patches/00list egroupware-1.4.002.dfsg/debian/patches/00list
--- egroupware-1.4.002.dfsg/debian/patches/00list
+++ egroupware-1.4.002.dfsg/debian/patches/00list
@@ -1,2 +1,3 @@
+01-kses-security
 06-egw-header-template
 08-egw-checkinstall-symlink
only in patch2:
unchanged:
--- egroupware-1.4.002.dfsg.orig/debian/patches/01-kses-security.dpatch
+++ egroupware-1.4.002.dfsg/debian/patches/01-kses-security.dpatch
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 01-kses-security.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad egroupware-1.4.002.dfsg~/phpgwapi/inc/class.kses.inc.php egroupware-1.4.002.dfsg/phpgwapi/inc/class.kses.inc.php
+--- egroupware-1.4.002.dfsg~/phpgwapi/inc/class.kses.inc.php	2007-09-25 13:52:07.000000000 +0200
++++ egroupware-1.4.002.dfsg/phpgwapi/inc/class.kses.inc.php	2008-03-22 16:23:19.000000000 +0100
+@@ -513,13 +513,12 @@
+ 		###############################################################################
+ 		function _bad_protocol_once($string)
+ 		{
+-			return preg_replace(
+-				'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
+-				'(:|&#58;|&#[Xx]3[Aa];)\s*/e',
+-				'\$this->_bad_protocol_once2("\\1")',
+-				$string
+-			);
+-			return $string;
++			$string2 = preg_split('/:|&#58;|&#x3a;/i', $string, 2);
++			if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
++			{
++				return $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
++			}
++			return '';
+ 		} # function _bad_protocol_once
+ 
+ 
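Review bot: the fall-through `return '';` in the new _bad_protocol_once body changes behaviour for every value that carries no colon: the removed preg_replace returned $string unchanged when its pattern did not match, whereas the new code returns an empty string whenever preg_split finds no `:`, `&#58;` or `&#x3a;` (so `$string2[1]` is unset) or when the `%/\?%` check fires. Relative hrefs, fragment links and plain attribute values passed through this function would be blanked rather than left alone. Suggest `return $string;` as the final statement so that only the protocol-bearing case is rewritten. The core of the fix, dropping the `/e` modifier so that no backreference is ever evaluated as PHP, looks right, and the rest of the hunk (the `/i` flag standing in for `&#[Xx]3[Aa];`, `trim()` standing in for the trailing `\s*`, removal of the dead second `return $string;`) is fine.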
+@@ -677,4 +676,4 @@
+ 			return '0.0.2 (OOP fork of kses 0.2.1)';
+ 		} # function _version
+ 	}
+-?>
+\ No newline at end of file
++?>
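Review bot: the `## DP: No description.` header should state what the patch does (at least that it replaces the `/e` preg_replace in _bad_protocol_once and a pointer to #471839), since the changelog entry only says the details are embargoed and the dpatch header is the first place a future reader will look. The final hunk only adds the missing newline after `?>`; it is harmless (PHP swallows a single newline directly after the closing tag) but unrelated to the security fix, so for a minimal security NMU it could be dropped. Also, the `@DPATCH@` marker line shows up as `[EMAIL PROTECTED]@` in this archived copy, presumably address mangling by the list archive; confirm that the file actually uploaded carries the literal marker.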
