rpms/roundcubemail/F-10 roundcubemail-0.2-CVE-2009-0413.patch, NONE, 1.1

Jon Ciesla limb at fedoraproject.org
Wed Feb 4 16:27:33 UTC 2009 

Author: limb

Update of /cvs/pkgs/rpms/roundcubemail/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8399

Added Files:
	roundcubemail-0.2-CVE-2009-0413.patch 
Log Message:
Dammit.


roundcubemail-0.2-CVE-2009-0413.patch:

--- NEW FILE roundcubemail-0.2-CVE-2009-0413.patch ---
--- CHANGELOG~	2009-02-04 09:58:46.000000000 -0600
+++ CHANGELOG	2009-02-04 09:58:46.000000000 -0600
@@ -3,0 +4,4 @@
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
--- program/lib/washtml.php~	2009-02-04 10:01:02.000000000 -0600
+++ program/lib/washtml.php	2009-02-04 10:01:02.000000000 -0600
@@ -83 +83 @@
-  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir', 'background');  
+  static $html_attribs = array('name', 'class', 'title', 'alt', 'width', 'height', 'align', 'nowrap', 'col', 'row', 'id', 'rowspan', 'colspan', 'cellspacing', 'cellpadding', 'valign', 'bgcolor', 'color', 'border', 'bordercolorlight', 'bordercolordark', 'face', 'marginwidth', 'marginheight', 'axis', 'border', 'abbr', 'char', 'charoff', 'clear', 'compact', 'coords', 'vspace', 'hspace', 'cellborder', 'size', 'lang', 'dir');  
@@ -163 +163 @@
-         ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.*/i', $value)))
+         ($key == 'href' && preg_match('/^(http|https|ftp|mailto):.+/i', $value)))
@@ -167 +167 @@
-      else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
+      else if($key == 'background' || ($key == 'src' && strtolower($node->tagName) == 'img')) { //check tagName anyway
@@ -171 +171 @@
-        else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
+        else if(preg_match('/^(http|https|ftp):.+/i', $value)) {
@@ -177 +177 @@
-              $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
+              $t .= ' ' . $key . '="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';

More information about the fedora-extras-commits mailing list