Bug#504171: CVE-2008-4796: missing input sanitising

Mon, 03 Nov 2008 01:32:40 -0800 

Hi,

attached you find a NMU I've prepared for pixelpost to fix the Security
issue.
It basically stops shipping the Snoopy class but depends on
libphp-snoopy.

Xavier, any objections that I'll upload it? Or do you want to handle
this on your own.

Regards
Evgeni 

diff -u pixelpost-1.7.1/debian/changelog pixelpost-1.7.1/debian/changelog
--- pixelpost-1.7.1/debian/changelog
+++ pixelpost-1.7.1/debian/changelog
@@ -1,3 +1,12 @@
+pixelpost (1.7.1-4.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Use libphp-snoppy instead of own copy.
+    + Closes: #504171
+    + Fixes: CVE-2008-4796
+
+ -- Evgeni Golov <[EMAIL PROTECTED]>  Mon, 03 Nov 2008 09:56:08 +0100
+
 pixelpost (1.7.1-4) unstable; urgency=low
 
   * Swedish debconf template translation added (Closes: #487744).
diff -u pixelpost-1.7.1/debian/rules pixelpost-1.7.1/debian/rules
--- pixelpost-1.7.1/debian/rules
+++ pixelpost-1.7.1/debian/rules
@@ -24,7 +24,7 @@
 	dh_testroot
 	dh_clean -k
 	dh_installdirs
-	dh_install -XCVS
+	dh_install -XCVS -XSnoopy.class.php
 	#commands to create the media directories
 	install -m 755 -o www-data -g www-data -d $(GVARDIR)/images
 	install -m 644 -o www-data -g www-data debian/media-index.html $(GVARDIR)/images/index.html
diff -u pixelpost-1.7.1/debian/links pixelpost-1.7.1/debian/links
--- pixelpost-1.7.1/debian/links
+++ pixelpost-1.7.1/debian/links
@@ -3,0 +4 @@
+/usr/share/php/libphp-snoopy/Snoopy.class.php /usr/share/pixelpost/addons/_defensio/libraries/Snoopy.class.php
diff -u pixelpost-1.7.1/debian/control pixelpost-1.7.1/debian/control
--- pixelpost-1.7.1/debian/control
+++ pixelpost-1.7.1/debian/control
@@ -9,7 +9,7 @@
 
 Package: pixelpost
 Architecture: all
-Depends: apache2 | apache | apache-ssl | apache-perl | httpd, php5 | php4, php5-mysql | php4-mysql, dbconfig-common
+Depends: apache2 | apache | apache-ssl | apache-perl | httpd, php5 | php4, php5-mysql | php4-mysql, dbconfig-common, libphp-snoopy (>= 1.2.4-1)
 Recommends: virtual-mysql-server
 Description: multi-lingual, fully extensible photoblog application
  A photoblog is a web application for presenting your photos in a

Attachment: pgpqpFQWEBwnE.pgp
Description: PGP signature

Reply via email to