[Pkg-nagios-changes] [SCM] Debian packaging for Nagios3 branch, master, updated. 3.2.3-1-20-gb5f30e1

[Alexander Wirt]

The following commit has been merged in the master branch:
commit 91494730e7ca184196c2c5be147e33cd8c90368d
Author: Alexander Wirt <formorer at debian.org>
Date:   Sat Jun 4 09:44:46 2011 +0200

    Fix CVE-2011-2179: XSS via expand function in config.cgi (Closes: #629127).

diff --git a/debian/patches/00list b/debian/patches/00list
index 2b3ed9c..af56ae5 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -6,3 +6,4 @@
 55_strip_logarchivepath.dpatch
 60_fix_p1.pl_patch_mini_epn.dpatch
 70_fix_eventhandler_paths.dpatch
+98_fix_XSS_CVE-2011-2179.dpatch
diff --git a/debian/patches/98_fix_XSS_CVE-2011-2179.dpatch b/debian/patches/98_fix_XSS_CVE-2011-2179.dpatch
new file mode 100755
index 0000000..77ef7be
--- /dev/null
+++ b/debian/patches/98_fix_XSS_CVE-2011-2179.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_fix_XSS.dpatch by Alexander Wirt <formorer at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nagios3~/cgi/config.c pkg-nagios3/cgi/config.c
+--- pkg-nagios3~/cgi/config.c	2011-05-22 08:22:20.000000000 +0200
++++ pkg-nagios3/cgi/config.c	2011-06-04 09:36:40.208175645 +0200
+@@ -2275,7 +2275,7 @@
+ 	if ((*to_expand)!='\0'){
+ 		arg_count[0]=0;
+ 
+-		printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s",command_args[0]);
++		printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s",escape_string(command_args[0]));
+ 		for (i=1;(i<MAX_COMMAND_ARGUMENTS)&&command_args[i];i++)
+ 			printf("!<FONT\n   COLOR='%s'>%s</FONT>",hash_color(i),command_args[i]);
+ 		printf("\n</TD></TR>\n");

-- 
Debian packaging for Nagios3