0 |
-- mantis-0.19.2.orig/login_page.php |
0 |
++ mantis-0.19.2/login_page.php |
Lines 139-151
139 |
} |
139 |
} |
140 |
} |
140 |
} |
141 |
|
141 |
|
142 |
# Check if the admin directory is available and is readable. |
142 |
# # Check if the admin directory is available and is readable. |
143 |
$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR; |
143 |
# $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR; |
144 |
if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) { |
144 |
# if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) { |
145 |
echo '<div class="warning" align="center">', "\n"; |
145 |
# echo '<div class="warning" align="center">', "\n"; |
146 |
echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n"; |
146 |
# echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n"; |
147 |
echo '</div>', "\n"; |
147 |
# echo '</div>', "\n"; |
148 |
} |
148 |
# } |
149 |
?> |
149 |
?> |
150 |
|
150 |
|
151 |
<!-- Autofocus JS --> |
151 |
<!-- Autofocus JS --> |
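Review bot: The admin-directory warning at lines 142-148 is commented out line by line with no explanation, so the block reads as forgotten dead code rather than a packaging decision, and the installation loses its only runtime notice that `admin/` is still present and readable. If the package keeps that directory on purpose, replace the seven commented lines with a one-line note such as `# Debian: admin/ warning disabled intentionally — <reason>` and delete the code, or keep the check and make it conditional on a configuration option instead of silencing it. The construct that closes with the braces at lines 139-140 starts outside the hunk.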
152 |
-- mantis-0.19.2.orig/core/database_api.php |
152 |
++ mantis-0.19.2/core/database_api.php |
Lines 6-14
6 |
# See the README and LICENSE files for details |
6 |
# See the README and LICENSE files for details |
7 |
|
7 |
|
8 |
# -------------------------------------------------------- |
8 |
# -------------------------------------------------------- |
9 |
# $Id: database_api.php,v 1.38 2004/12/09 18:55:06 thraxisp Exp $ |
9 |
# $Id: database_api.php,v 1.5.2.1 2005/08/16 21:38:27 bengen Exp $ |
10 |
# -------------------------------------------------------- |
10 |
# -------------------------------------------------------- |
11 |
|
11 |
|
|
|
12 |
# |
13 |
# Patch for #0005956: Database system scanner via variable poisoning |
14 |
# |
15 |
|
16 |
if (isset($_REQUEST["g_db_type"])) |
17 |
die(""); |
18 |
|
12 |
### Database ### |
19 |
### Database ### |
13 |
|
20 |
|
14 |
# This is the general interface for all database calls. |
21 |
# This is the general interface for all database calls. |
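Review bot: The guard at lines 16-17 rejects a request only when the single parameter name `g_db_type` is present, and it does so with `die("")`, which answers with an empty body and a 200 status and leaves nothing in the logs for the operator to find. If the underlying problem is request variables being able to overwrite `$g_*` configuration globals, as the "variable poisoning" comment suggests, a check that rejects any request key starting with `g_` would cover the whole class rather than one name, and the rejection should be visible: `header('HTTP/1.0 400 Bad Request'); error_log('database_api: rejected request carrying a g_* configuration variable'); die('Invalid request');`. The check runs at include time of core/database_api.php, so presumably only pages that include this file are protected — worth confirming that every entry point does.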
15 |
-- mantis-0.19.2.orig/core/filter_api.php |
22 |
++ mantis-0.19.2/core/filter_api.php |
Lines 753-759
753 |
?> |
753 |
?> |
754 |
|
754 |
|
755 |
<br /> |
755 |
<br /> |
756 |
<form method="post" name="filters" action="<?php PRINT $t_action; ?>"> |
756 |
<form method="post" name="filters" action="<?php PRINT htmlentities($t_action); ?>"> |
757 |
<input type="hidden" name="type" value="5" /> |
757 |
<input type="hidden" name="type" value="5" /> |
758 |
<?php |
758 |
<?php |
759 |
if ( $p_for_screen == false ) { |
759 |
if ( $p_for_screen == false ) { |
Lines 761-770
761 |
PRINT '<input type="hidden" name="offset" value="0" />'; |
761 |
PRINT '<input type="hidden" name="offset" value="0" />'; |
762 |
} |
762 |
} |
763 |
?> |
763 |
?> |
764 |
<input type="hidden" name="sort" value="<?php PRINT $t_sort ?>" /> |
764 |
<input type="hidden" name="sort" value="<?php PRINT htmlentities($t_sort) ?>" /> |
765 |
<input type="hidden" name="dir" value="<?php PRINT $t_dir ?>" /> |
765 |
<input type="hidden" name="dir" value="<?php PRINT htmlentities($t_dir) ?>" /> |
766 |
<input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" /> |
766 |
<input type="hidden" name="page_number" value="<?php PRINT htmlentities($p_page_number) ?>" /> |
767 |
<input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" /> |
767 |
<input type="hidden" name="view_type" value="<?php PRINT htmlentities($t_view_type) ?>" /> |
768 |
<table class="width100" cellspacing="1"> |
768 |
<table class="width100" cellspacing="1"> |
769 |
|
769 |
|
770 |
<?php |
770 |
<?php |
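Review bot: The `htmlentities()` calls added at line 756 and lines 764-767 rely on the default flags and charset, which in the PHP versions contemporary with this code encode `"` but not `'` and assume ISO-8859-1, so the escaping is only correct as long as every attribute stays double-quoted and the page charset happens to match. Passing the flags explicitly, e.g. `htmlentities($t_action, ENT_QUOTES, 'UTF-8')` (with the charset the page actually emits), makes the output independent of the quoting style and of the interpreter default; the same applies to the four hidden inputs in the second hunk. For `$p_page_number`, which is consumed as a number, casting with `(int)` is the stricter choice than entity-encoding. The function that emits this form starts before line 753 and continues past line 770.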
771 |
-- mantis-0.19.2.orig/debian/changelog |
771 |
++ mantis-0.19.2/debian/changelog |
Line 0
|
|
1 |
mantis (0.19.2-4) stable-security; urgency=HIGH |
2 |
|
3 |
* Maintainer upload for the security team |
4 |
* Fixes CAN-2005-2556 |
5 |
- Mantis bug#0005956: Fixes "Database system scanner via variable |
6 |
poisoning" vulnerability |
7 |
* Fixes CAN-2005-2557 |
8 |
- Mantis bug#0005959: Fixes cross-site-scripting vulnerability in |
9 |
view_all_set.php |
10 |
- Mantis bug#0006002: Fixes cross-site-scripting vulnerability in |
11 |
view_all_bug_page.php |
12 |
* Thanks to Joxean Koret <joxeankoret@yahoo.es> for pointing these |
13 |
issues out. Thanks to Glenn Henshaw <thraxisp4@mac.com> for providing |
14 |
detailed information by sending the BTS entries per mail |
15 |
|
16 |
Unfortunately, to my knowledge, upstream developers have neither made |
17 |
those entries publicly available nor issued warnings after fixing the |
18 |
bugs. |
19 |
|
20 |
-- Hilko Bengen <bengen@debian.org> Tue, 16 Aug 2005 23:37:04 +0200 |