rpms/roundcubemail/F-10 roundcubemail-0.2-CVE-2009-0413.patch, NONE, 1.1
Jon Ciesla
limb at fedoraproject.org
Wed Feb 4 16:27:33 UTC 2009
Author: limb
Update of /cvs/pkgs/rpms/roundcubemail/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8399
Added Files:
roundcubemail-0.2-CVE-2009-0413.patch
Log Message:
Dammit.
roundcubemail-0.2-CVE-2009-0413.patch:
--- NEW FILE roundcubemail-0.2-CVE-2009-0413.patch ---
--- CHANGELOG~ 2009-02-04 09:58:46.000000000 -0600
+++ CHANGELOG 2009-02-04 09:58:46.000000000 -0600
@@ -3,0 +4,4 @@
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
--- program/lib/washtml.php~ 2009-02-04 10:01:02.000000000 -0600
+++ program/lib/washtml.php 2009-02-04 10:01:02.000000000 -0600
@@ -83 +83 @@
- static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'background');
+ static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');
@@ -163 +163 @@
- ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.*/i', $value)))
+ ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.+/i', $value)))
@@ -167 +167 @@
- else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
+ else if($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
@@ -171 +171 @@
- else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
+ else if(preg_match('/^(http|https|ftp):.+/i', $value)) {
@@ -177 +177 @@
- $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
+ $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
More information about the fedora-extras-commits
mailing list