Hi, attached is a patch for a 0-day NMU to fix this issue. Cheers Nico
-- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
diff -u drupal5-5.18/debian/changelog drupal5-5.18/debian/changelog
--- drupal5-5.18/debian/changelog
+++ drupal5-5.18/debian/changelog
@@ -1,3 +1,11 @@
+drupal5 (5.18-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Apply upstream patch to fix possible password leakage
+ via URLs (no CVE id yet; SA-CORE-2009-007; Closes: #535476).
+
+ -- Nico Golde <n...@debian.org> Mon, 06 Jul 2009 20:24:02 +0200
+
 drupal5 (5.18-1) unstable; urgency=low
 
 [ Luigi Gangitano ]
diff -u drupal5-5.18/debian/patches/00list drupal5-5.18/debian/patches/00list
--- drupal5-5.18/debian/patches/00list
+++ drupal5-5.18/debian/patches/00list
@@ -1,0 +2 @@
+20_SA-CORE-2009-007
only in patch2:
unchanged:
--- drupal5-5.18.orig/debian/patches/20_SA-CORE-2009-007.dpatch
+++ drupal5-5.18/debian/patches/20_SA-CORE-2009-007.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20_SA-CORE-2009-007.dpatch by Nico Golde <n...@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix password leakage in URL
+
+...@dpatch@
+diff -urNad drupal5-5.18~/includes/pager.inc drupal5-5.18/includes/pager.inc
+--- drupal5-5.18~/includes/pager.inc 2006-10-15 21:57:05.000000000 +0200
++++ drupal5-5.18/includes/pager.inc 2009-07-06 20:21:30.000000000 +0200
+@@ -85,7 +85,7 @@
+ function pager_get_querystring() {
+ static $string = NULL;
+ if (!isset($string)) {
+- $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
++ $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
+ }
+ return $string;
+ }
+diff -urNad drupal5-5.18~/includes/tablesort.inc drupal5-5.18/includes/tablesort.inc
+--- drupal5-5.18~/includes/tablesort.inc 2007-06-17 00:29:25.000000000 +0200
++++ drupal5-5.18/includes/tablesort.inc 2009-07-06 20:21:30.000000000 +0200
+@@ -131,7 +131,7 @@
+ * except for those pertaining to table sorting.
+ */
+ function tablesort_get_querystring() {
+- return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
++ return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
+ }
+
+ /**
+diff -urNad drupal5-5.18~/modules/forum/forum.module drupal5-5.18/modules/forum/forum.module
+--- drupal5-5.18~/modules/forum/forum.module 2009-04-29 20:53:38.000000000 +0200
++++ drupal5-5.18/modules/forum/forum.module 2009-07-06 20:21:30.000000000 +0200
+@@ -833,6 +833,11 @@
+ * Menu callback; prints a forum listing.
+ */
+ function forum_page($tid = 0) {
++ if (!is_numeric($tid)) {
++ return MENU_NOT_FOUND;
++ }
++ $tid = (int)$tid;
++
+ drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
+ $forum_per_page = variable_get('forum_per_page', 25);
+ $sortby = variable_get('forum_order', 1);
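Review bot: Excluding the single key `pass` in `pager_get_querystring()` (pager.inc) and `tablesort_get_querystring()` (tablesort.inc) is a denylist over `$_REQUEST`, so any other sensitive field that arrives by POST would still be copied into the generated pager and sort links, and from there into access logs, browser history and Referer headers. Building the string from `$_GET` only, e.g. `drupal_query_string_encode($_GET, array_merge(array('q', 'page'), array_keys($_COOKIE)))`, would cover the whole class rather than one field name. It diverges from the upstream patch and would need checking against any form that relies on POSTed filters being carried into these links. If the upstream form is kept, a comment such as `// 'pass' is excluded so a POSTed password is never echoed into generated links` on both calls would record why the key is there.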
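Review bot: `is_numeric($tid)` in `forum_page()` is looser than a forum term id needs: it also accepts negative numbers, decimals and exponent notation such as `1e3`, which the following `(int)` cast truncates or reinterprets instead of returning `MENU_NOT_FOUND`. `if (!ctype_digit((string)$tid)) {` would accept only non-negative decimal integers and still pass the default `0`. Separately, the `## DP:` line and the changelog entry describe only the password leakage and do not mention this argument validation; a second line such as `## DP: validate the forum term id argument in forum_page()` would keep the patch description in step with its content. The rest of forum_page's body lies outside the hunk.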
pgpPL1xLxaAN4.pgp
Description: PGP signature