severity 338983 important
thanks

Hello
I assume that this applies to the sarge version as well. I'm not sure this should be considered grave, as this can only occur when a fatal error occurs. This is the actual fix:
@@ -234,7 +234,7 @@ $errortext = _("<b>A fatal error has occurred:</b>") . "<br /><br />\n"; if (is_object($error) && method_exists($error, 'getMessage')) { - $errortext .= $error->getMessage() . "<br /><br />\n"; + $errortext .= htmlspecialchars($error->getMessage()) . "<br /><br />\n"; } $errortext .= sprintf(_("[line %s of %s]"), $line, $file);

I'm not even sure that this is possible to trigger without being logged in. But still, even logged-in users should not be allowed to do such attacks. And one more thing: the error message is not from the user, or am I wrong here? So really I'm not sure that this is even possible to trigger. As the release note stated, this is a potential XSS vulnerability.

On Mon, Nov 14, 2005 at 09:45:39AM +0100, Soós Péter wrote:
> Package: horde2
> Version: 2.2.8-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> New upstream version v2.2.9 available to fix potential XSS vulnerability
> due to not properly escaped error messages.

Is there a CAN number for this? I could not find that in the release notes.

Thanks anyway for reporting. It is valuable to know that new versions come out with important fixes.
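Review bot: only $error->getMessage() is wrapped in htmlspecialchars() here; the sprintf() on the last context line still interpolates $line and $file into the HTML unescaped. Those two normally come from the code's own location rather than from a request, but the hunk gives no guarantee of that, and escaping them costs nothing: `$errortext .= sprintf(_("[line %s of %s]"), htmlspecialchars($line), htmlspecialchars($file));`. Applying the escape to the message value only, and not to the surrounding `<br />` markup, is the correct granularity; the added call also relies on the PHP default charset, so an explicit charset argument would make the behaviour independent of server configuration.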
For me and the security team:
http://ftp.horde.org/pub/horde/patches/patch-horde-2.2.8-2.2.9.gz
http://lists.horde.org/archives/announce/2005/000231.html

Regards,

// Ola

> -- System Information:
> Debian Release: 3.1
> Architecture: i386 (i686)
> Kernel: Linux 2.6.14
> Locale: LANG=en_US, LC_CTYPE=hu_HU (charmap=ISO-8859-2)
>
> Versions of packages horde2 depends on:
> ii apache2                     2.0.54-5     next generation, scalable, extenda
> ii apache2-mpm-prefork [httpd] 2.0.54-5     traditional model for Apache2
> ii binutils                    2.15-6       The GNU assembler, linker and bina
> ii debconf                     1.4.30.13    Debian configuration management sy
> ii gettext                     0.14.4-2     GNU Internationalization utilities
> ii logrotate                   3.7-5        Log rotation utility
> ii make                        3.80-9       The GNU version of the "make" util
> ii perl                        5.8.4-8      Larry Wall's Practical Extraction
> ii php4                        4:4.3.10-16  server-side, HTML-embedded scripti
> ii php4-cgi                    4:4.3.10-16  server-side, HTML-embedded scripti
> ii php4-pear                   4:4.3.10-16  PEAR - PHP Extension and Applicati
> ii php4-pear-log               1.6.0-1.1    Log module for PEAR
> ii wwwconfig-common            0.0.43       Debian web auto configuration
>
> -- debconf information excluded
>
> --

 --------------------- Ola Lundqvist ---------------------------
/  [EMAIL PROTECTED]                     Annebergsslingan 37      \
|  [EMAIL PROTECTED]                     654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                    +46 (0)70-332 1551       |
|  http://www.opal.dhs.org               UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
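The escaping pattern behind the 2.2.9 fix, written out as an added PHP example; this is not Horde's code, and the function name render_fatal_error(), the helper h() and the FakeError stand-in object are assumptions. It goes a little beyond the one-line hunk: every value interpolated into the page (message, line and file), not only the exception message, is passed through htmlspecialchars() with ENT_QUOTES and an explicit charset, so the result does not depend on the server's default charset or on how the caller obtained $line and $file.

```php
<?php
// Added example, not Horde's code: render a fatal-error page with every
// dynamic value HTML-escaped, leaving only the fixed markup unescaped.

function h($s) {
    // ENT_QUOTES also escapes single quotes, so the value is safe inside
    // attribute values as well as element content; the explicit charset
    // keeps multi-byte input from being mis-decoded or silently dropped.
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

function render_fatal_error($error, $line, $file) {
    // Static markup written by this function is trusted; it is the only
    // part that is not escaped.
    $errortext = "<b>A fatal error has occurred:</b><br /><br />\n";
    if (is_object($error) && method_exists($error, 'getMessage')) {
        // The message may carry text from a failed request (a file name,
        // a header value), so it is treated as data, not markup.
        $errortext .= h($error->getMessage()) . "<br /><br />\n";
    }
    // $line and $file are escaped too: cheap, and independent of how the
    // caller obtained them.
    $errortext .= sprintf("[line %s of %s]", h($line), h($file));
    return $errortext;
}

// Constructed stand-in for an error object exposing getMessage(); it takes
// the place of whatever error class the application uses.
class FakeError {
    public $msg;
    public function __construct($msg) { $this->msg = $msg; }
    public function getMessage() { return $this->msg; }
}

// Constructed message containing markup, as an attacker-influenced value
// might. The tag is emitted as text, not executed by the browser.
$e = new FakeError('Cannot open "<script>alert(1)</script>"');
echo render_fatal_error($e, 42, '/path/to/lib/Horde.php'), "\n";
?>
```

Run it with `php example.php` and compare against a copy with h() reduced to a pass-through: the difference in the output is exactly the set of characters that would otherwise be interpreted as HTML.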