Gentoo's Bugzilla – Attachment 68207 Details for Bug 103308: www-apps/mantisbt: SQL injection and XSS (CAN-2005-255{6-7})
[patch] mantis_0.19.2-4.diff (text/plain), 3.68 KB, created by SpanKY on 2005-09-11 16:34:06 UTC
Description: mantis_0.19.2-4.diff
Flags: patch, obsolete
>--- mantis-0.19.2.orig/login_page.php >+++ mantis-0.19.2/login_page.php >@@ -139,13 +139,13 @@ > } > } > >- # Check if the admin directory is available and is readable. >- $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR; >- if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) { >- echo '<div class="warning" align="center">', "\n"; >- echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n"; >- echo '</div>', "\n"; >- } >+# # Check if the admin directory is available and is readable. >+# $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR; >+# if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) { >+# echo '<div class="warning" align="center">', "\n"; >+# echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n"; >+# echo '</div>', "\n"; >+# } > ?> > > <!-- Autofocus JS --> >--- mantis-0.19.2.orig/core/database_api.php >+++ mantis-0.19.2/core/database_api.php >@@ -6,9 +6,16 @@ > # See the README and LICENSE files for details > > # -------------------------------------------------------- >- # $Id: database_api.php,v 1.38 2004/12/09 18:55:06 thraxisp Exp $ >+ # $Id: database_api.php,v 1.5.2.1 2005/08/16 21:38:27 bengen Exp $ > # -------------------------------------------------------- > >+ # >+ # Patch for #0005956: Database system scanner via variable poisoning >+ # >+ >+ if (isset($_REQUEST["g_db_type"])) >+ die(""); >+ > ### Database ### > > # This is the general interface for all database calls. >--- mantis-0.19.2.orig/core/filter_api.php >+++ mantis-0.19.2/core/filter_api.php >@@ -753,7 +753,7 @@ > ?> > > <br /> >- <form method="post" name="filters" action="<?php PRINT $t_action; ?>"> >+ <form method="post" name="filters" action="<?php PRINT htmlentities($t_action); ?>"> > <input type="hidden" name="type" value="5" /> > <?php > if ( $p_for_screen == false ) { 
>@@ -761,10 +761,10 @@ > PRINT '<input type="hidden" name="offset" value="0" />'; > } > ?> >- <input type="hidden" name="sort" value="<?php PRINT $t_sort ?>" /> >- <input type="hidden" name="dir" value="<?php PRINT $t_dir ?>" /> >- <input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" /> >- <input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" /> >+ <input type="hidden" name="sort" value="<?php PRINT htmlentities($t_sort) ?>" /> >+ <input type="hidden" name="dir" value="<?php PRINT htmlentities($t_dir) ?>" /> >+ <input type="hidden" name="page_number" value="<?php PRINT htmlentities($p_page_number) ?>" /> >+ <input type="hidden" name="view_type" value="<?php PRINT htmlentities($t_view_type) ?>" /> > <table class="width100" cellspacing="1"> > > <?php >--- mantis-0.19.2.orig/debian/changelog >+++ mantis-0.19.2/debian/changelog >@@ -0,0 +1,321 @@ >+mantis (0.19.2-4) stable-security; urgency=HIGH >+ >+ * Maintainer upload for the security team >+ * Fixes CAN-2005-2556 >+ - Mantis bug#0005956: Fixes "Database system scanner via variable >+ poisoning" vulnerability >+ * Fixes CAN-2005-2557 >+ - Mantis bug#0005959: Fixes cross-site-scripting vulnerability in >+ view_all_set.php >+ - Mantis bug#0006002: Fixes cross-site-scripting vulnerability in >+ view_all_bug_page.php >+ * Thanks to Joxean Koret <joxeankoret@yahoo.es> for pointing these >+ issues out. Thanks to Glenn Henshaw <thraxisp4@mac.com> for providing >+ detailed information by sending the BTS entries per mail >+ >+ Unfortunately, to my knowledge, upstream developers have neither made >+ those entries publicly available nor issued warnings after fixing the >+ bugs. >+ >+ -- Hilko Bengen <bengen@debian.org> Tue, 16 Aug 2005 23:37:04 +0200
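Review bot: the login_page.php hunk is not covered by the changelog entry at the end of this patch, which lists only the CAN-2005-2556 and CAN-2005-2557 fixes, and it disables a security-relevant check: the block that prints `WARNING: Admin directory should be removed.` when `admin/` is still present and readable under the web root. If the warning is intentionally suppressed for the packaged install, state that and the reason in the changelog, and delete the block instead of prefixing every line with `#`, which leaves seven lines of dead code behind; otherwise keep the check, since an installer directory left in place is precisely the condition it exists to flag.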
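Review bot: the guard added to core/database_api.php, `if (isset($_REQUEST["g_db_type"])) die("");`, blocks exactly one variable name and therefore treats the symptom reported in Mantis #0005956 rather than its cause: a configuration variable that can be overridden from request input (`$_REQUEST` merges GET, POST and, depending on PHP configuration, cookie data) is only protected if it appears in this check, and the check has a single entry. Prefer a fix that makes configuration values independent of request data (assign them explicitly before any use instead of accepting whatever arrives in the request), or at minimum extend the check to every configuration variable the database layer reads. `die("")` also yields an empty body with HTTP 200 and no log entry, which hides the condition from both the user and the operator; respond with an error status and log the event instead. The `$Id` keyword change in the same hunk is revision-control noise that does not belong in a security upload.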
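Review bot: `htmlentities($t_action)` in the filter form's action attribute is adequate for a double-quoted attribute (the default ENT_COMPAT mode encodes `"` but leaves `'` alone), but the call omits both the quote-style and the charset arguments; pass ENT_QUOTES so the value stays safe if the attribute quoting is ever changed, and pass the charset explicitly so the encoding matches the page's output charset. Note also that the changelog attributes the CAN-2005-2557 fixes to view_all_set.php and view_all_bug_page.php while the hunks modify core/filter_api.php; a one-line remark that filter_api.php produces the form those pages render would make the mapping from advisory to code change traceable.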
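Review bot: wrapping `$t_sort`, `$t_dir`, `$p_page_number` and `$t_view_type` in htmlentities() stops these hidden-field values from breaking out of their attributes, but they are not free text: `page_number` is by its name an integer, and `sort`, `dir` and `view_type` select among options the application defines. Validate them against the expected type or set where the filter state is read (for example cast the page number with `(int)` and reject unknown sort and view selectors), and treat the output encoding in this hunk as the second layer rather than the only one. The same quote-style and charset remark made for the action attribute applies to these four htmlentities() calls.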
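Review bot: the debian/changelog hunk documents the two CVE fixes (CAN-2005-2556 via Mantis #0005956; CAN-2005-2557 via Mantis #0005959 and #0006002) but says nothing about the login_page.php change that removes the admin-directory warning, so anyone auditing this upload against its changelog will find an undocumented behaviour change. Add a bullet for it with the reason, or drop that hunk from the security upload so the patch contains only what the entry describes.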