diff --git a/websvn-2.3.3-CVE-2016-2511.patch b/websvn-2.3.3-CVE-2016-2511.patch new file mode 100644 index 0000000..9c270bb --- /dev/null +++ b/websvn-2.3.3-CVE-2016-2511.patch @@ -0,0 +1,11 @@ +--- orig/include/setup.php 2016-02-19 16:02:05.674756241 +0100 ++++ new/include/setup.php 2016-02-19 16:02:10.166832543 +0100 +@@ -467,7 +467,7 @@ + $vars['validationurl'] = getFullURL($_SERVER['SCRIPT_NAME']).'?'.buildQuery($queryParams + array('template' => $template, 'language' => $language), '%26'); + + // To avoid a possible XSS exploit, need to clean up the passed-in path first +-$path = !empty($_REQUEST['path']) ? $_REQUEST['path'] : null; ++$path = !empty($_REQUEST['path']) ? escape($_REQUEST['path']) : null; + if ($path === null || $path === '') + $path = '/'; + $vars['safepath'] = escape($path); diff --git a/websvn.spec b/websvn.spec index e6ca9f1..ca8d25c 100644 --- a/websvn.spec +++ b/websvn.spec @@ -1,6 +1,6 @@ Name: websvn Version: 2.3.3 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Online subversion repository browser Group: Applications/System @@ -11,6 +11,7 @@ Source1: websvn-httpd.conf Patch1: websvn-2.3.3-use_system_libs.patch # https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=websvn_symlinks.patch;att=1;bug=775682 Patch2: websvn-2.3.3-CVE-2013-6892.patch +Patch3: websvn-2.3.3-CVE-2016-2511.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch @@ -52,6 +53,8 @@ SElinux context for %{name}. rm -rf lib/ # CVE-2013-6892 %patch2 -p1 +# CVE-2016-2511 +%patch3 -p1 mv include/distconfig.php include/config.php find templates/calm -type f -exec chmod -R a-x {} ';' @@ -127,6 +130,9 @@ fi %changelog +* Tue Mar 01 2016 Xavier Bachelot 2.3.3-12 +- Add patch for CVE-2016-2511 (RHBZ#1310758). + * Fri Feb 05 2016 Fedora Release Engineering - 2.3.3-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild