[Pkg-nagios-changes] [SCM] Debian packaging for Nagios3 branch, master, updated. 3.2.3-1-20-gb5f30e1

Alexander Wirt formorer at debian.org
Sat Jun 4 07:53:11 UTC 2011


The following commit has been merged in the master branch:
commit b5f30e1bd3a3c572f9016197e5a27f3196d6f3ce
Author: Alexander Wirt <formorer at debian.org>
Date:   Sat Jun 4 09:51:04 2011 +0200

    Fix for CVE-2011-1523: XSS problem in statusmap.cgi (Closes: #629127)

diff --git a/debian/patches/00list b/debian/patches/00list
index af56ae5..915bbc6 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -7,3 +7,4 @@
 60_fix_p1.pl_patch_mini_epn.dpatch
 70_fix_eventhandler_paths.dpatch
 98_fix_XSS_CVE-2011-2179.dpatch
+99_fix_XSS_CVE-2011-1523.dpatch
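Review bot: The new entry takes the prefix 99, the last two-digit slot in a series that so far runs 60, 70, 98, so a later patch that has to apply after this one has no number left without renaming. Consider a lower free prefix, or leave a gap, as long as the order relative to 98_fix_XSS_CVE-2011-2179.dpatch does not matter for cgi/statusmap.c.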
diff --git a/debian/patches/99_fix_XSS_CVE-2011-1523.dpatch b/debian/patches/99_fix_XSS_CVE-2011-1523.dpatch
new file mode 100755
index 0000000..2b71fc5
--- /dev/null
+++ b/debian/patches/99_fix_XSS_CVE-2011-1523.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_fix_XSS_CVE-2011-1523.dpatch by Alexander Wirt <formorer at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix for CVE-2011-1523 (#629127)
+## DP: http://tracker.nagios.org/view.php?id=207
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nagios3~/cgi/statusmap.c pkg-nagios3/cgi/statusmap.c
+--- pkg-nagios3~/cgi/statusmap.c	2011-05-22 08:22:20.000000000 +0200
++++ pkg-nagios3/cgi/statusmap.c	2011-06-04 09:41:55.642532781 +0200
+@@ -2404,7 +2404,7 @@
+ 
+ 	for(temp_layer=layer_list;temp_layer!=NULL;temp_layer=temp_layer->next){
+ 		if(get_method==TRUE)
+-			printf("&layer=%s",temp_layer->layer_name);
++			printf("&layer=%s",escape_string(temp_layer->layer_name)); 
+ 		else
+ 			printf("<input type='hidden' name='layer' value='%s'>\n",escape_string(temp_layer->layer_name));
+ 	        }
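Review bot: In the get_method==TRUE branch the layer name is written into a URL query string ("&layer=%s"), while the else branch writes it into an HTML attribute value, yet both now go through the same escape_string() call. Its definition is not among the visible lines, so please confirm that its output is also correct inside a query string (a layer name containing "&", "=", "#", "+" or a space would otherwise still change how the link is parsed), or use a URL-encoding helper for that branch and keep escape_string() for the hidden input. Two smaller points: the added printf line ends with a trailing space after the semicolon, and the "## DP:" description only names the CVE and bug number, so a line saying that the layer parameter is now escaped in the GET link output of statusmap.c would help anyone reading the patch list later.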

-- 
Debian packaging for Nagios3


