[Pkg-tcltk-commits] r1708 - in tcllib/trunk/debian: . patches

sgolovan at alioth.debian.org sgolovan at alioth.debian.org
Mon Mar 9 12:48:24 UTC 2015


Author: sgolovan
Date: 2015-03-09 12:48:23 +0000 (Mon, 09 Mar 2015)
New Revision: 1708

Added:
   tcllib/trunk/debian/patches/html-textarea-xss.patch
Modified:
   tcllib/trunk/debian/changelog
   tcllib/trunk/debian/patches/series
Log:
[tcllib]
  * Added a patch from upstream which fixes an XSS vulnerability in
    the html module for <textarea/> elements (closes: #780100).


Modified: tcllib/trunk/debian/changelog
===================================================================
--- tcllib/trunk/debian/changelog	2015-03-09 08:49:55 UTC (rev 1707)
+++ tcllib/trunk/debian/changelog	2015-03-09 12:48:23 UTC (rev 1708)
@@ -1,8 +1,9 @@
-tcllib (1.16-dfsg-2) UNRELEASED; urgency=low
+tcllib (1.16-dfsg-2) unstable; urgency=medium
 
-  * NOT RELEASED YET
+  * Added a patch from upstream which fixes an XSS vulnerability in
+    the html module for <textarea/> elements (closes: #780100).
 
- -- Sergei Golovan <sgolovan at debian.org>  Wed, 12 Feb 2014 13:32:45 +0400
+ -- Sergei Golovan <sgolovan at debian.org>  Mon, 09 Mar 2015 15:12:05 +0300
 
 tcllib (1.16-dfsg-1) unstable; urgency=low
 
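
Review bot: the new bullet under 1.16-dfsg-2 does not name the file it adds, so the changelog alone does not show which patch carries the fix. Mention debian/patches/html-textarea-xss.patch in the entry next to "closes: #780100".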

Added: tcllib/trunk/debian/patches/html-textarea-xss.patch
===================================================================
--- tcllib/trunk/debian/patches/html-textarea-xss.patch	                        (rev 0)
+++ tcllib/trunk/debian/patches/html-textarea-xss.patch	2015-03-09 12:48:23 UTC (rev 1708)
@@ -0,0 +1,16 @@
+Author: upstream
+Description: Patch fixes an XSS vulnerability in <textarea/> HTML element in
+    the html Tcllib module
+Last-Modified: Mon, 09 Mar 2015 15:06:15 +0300
+
+--- a/modules/html/html.tcl
++++ b/modules/html/html.tcl
+@@ -912,7 +912,7 @@
+ #	The html fragment
+ 
+ proc ::html::textarea {name {param {}} {current {}}} {
+-    ::set value [ncgi::value $name $current]
++    ::set value [quoteFormValue [ncgi::value $name $current]]
+     return "<[string trimright \
+ 	"textarea name=\"$name\"\
+ 		[tagParam textarea $param]"]>$value</textarea>\n"
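
Review bot: in the embedded html.tcl hunk only the element body is escaped. `$name` is still interpolated raw into `textarea name=\"$name\"` two lines below the changed line, so a field name containing a double quote would close the attribute early. If callers can pass names derived from request data, run `$name` through the same quoting as the value. Separately, the patch header says `Author: upstream` but carries no reference to the upstream commit or to #780100. Adding one would make the origin of the fix checkable from the patch file itself.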

Modified: tcllib/trunk/debian/patches/series
===================================================================
--- tcllib/trunk/debian/patches/series	2015-03-09 08:49:55 UTC (rev 1707)
+++ tcllib/trunk/debian/patches/series	2015-03-09 12:48:23 UTC (rev 1708)
@@ -1 +1 @@
-#
+html-textarea-xss.patch
