Kolab:3.4:Updates
roundcubemail
Changes of Revision 9
roundcubemail.spec
Changed
@@ -43,7 +43,7 @@ Name: roundcubemail Version: 1.1.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client @@ -61,6 +61,8 @@ Patch201: ticket-466-changes.patch Patch202: default-configuration.patch +Patch203: CVE-2016-5103.patch + BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n) @@ -1246,6 +1248,7 @@ %patch201 -p1 %patch202 -p1 +%patch203 -p1 # Remove the results of patching when there's an incidental offset find . -type f -name "*.orig" -delete @@ -3000,6 +3003,9 @@ %defattr(-,root,root,-) %changelog +* Fri May 27 2016 Timotheus Pokorra <tp@tbits.net> - 1.1.5-2 +- apply security patch for XSS vulnerability CVE-2016-5103 + * Fri May 13 2016 Timotheus Pokorra <tp@tbits.net> - 1.1.5-1 - Check in maintenance upstream 1.1.5 release
CVE-2016-5103.patch
Added
@@ -0,0 +1,67 @@ +From 7d14065baa6c51346e0ec0253c06ac822f082278 Mon Sep 17 00:00:00 2001 +From: Aleksander Machniak <alec@alec.pl> +Date: Fri, 6 May 2016 08:28:15 +0200 +Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241) + +Conflicts: + + CHANGELOG +--- + CHANGELOG | 1 + + program/lib/Roundcube/rcube_washtml.php | 2 +- + tests/Framework/Washtml.php | 17 +++++++++++++++++ + 3 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 4d7719a..7420e7c 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -3,6 +3,7 @@ CHANGELOG Roundcube Webmail + + - Fix message list multi-select/deselect issue (#5219) + - Fix bug where contact search menu fields where always unchecked in Larry skin ++- Fix XSS issue in href attribute on area tag (#5240) + + RELEASE 1.1.5 + ------------- +diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php +index 54c1cd8..6535e3b 100644 +--- a/program/lib/Roundcube/rcube_washtml.php ++++ b/program/lib/Roundcube/rcube_washtml.php +@@ -370,7 +370,7 @@ private function wash_uri($uri, $blocked_source = false) + */ + private function is_link_attribute($tag, $attr) + { +- return $tag == 'a' && $attr == 'href'; ++ return ($tag == 'a' || $tag == 'area') && $attr == 'href'; + } + + /** +diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php +index 9515f0d..2e68179 100644 +--- a/tests/Framework/Washtml.php ++++ b/tests/Framework/Washtml.php +@@ -38,6 +38,23 @@ function test_href() + } + + /** ++ * Test XSS in area's href (#5240) ++ */ ++ function test_href_area() ++ { ++ $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">' ++ . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>' ++ . 
'<area href="javascript:alert(document.domain)" shape=default>'; ++ ++ $washer = new rcube_washtml; ++ $washed = $washer->wash($html); ++ ++ $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href"); ++ $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href"); ++ $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href"); ++ } ++ ++ /** + * Test handling HTML comments + */ + function test_comments()
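Review bot: the CHANGELOG hunk of this patch is unlikely to apply to the 1.1.5 release tarball, so either drop it from the backport or expect the build to stop at patch time. Its context lines ("- Fix message list multi-select/deselect issue (#5219)" and "- Fix bug where contact search menu fields where always unchecked in Larry skin") sit above "RELEASE 1.1.5" in the upstream branch, i.e. they are post-1.1.5 entries that a 1.1.5 tarball does not contain, and the commit message's own "Conflicts: CHANGELOG" line already signals this; rpm builds apply patches with little or no fuzz on current distributions, and the quilt series in debian.series applies the same file. The fix only needs the `program/lib/Roundcube/rcube_washtml.php` and `tests/Framework/Washtml.php` hunks: `is_link_attribute()` now returns true for `href` on `area` as well as on `a`, so area hrefs go through the same link-URI check that already blocks `data:`, `vbscript:` and `javascript:` schemes on anchors, and the added `test_href_area()` asserts exactly that for all three schemes. Consider also recording the upstream commit id (7d14065baa6c51346e0ec0253c06ac822f082278) in the package changelog next to the CVE so the backport is traceable.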
debian.changelog
Changed
@@ -1,3 +1,9 @@ +roundcubemail (1:1.1.5.0-0~kolab2) unstable; urgency=low + + * apply security patch for XSS vulnerability CVE-2016-5103 + + -- Timotheus Pokorra <tp@tbits.net> Fri, 27 May 2016 08:42:00 +0200 + roundcubemail (1:1.1.5.0-0~kolab1) unstable; urgency=low * Check in maintenance upstream 1.1.5 release
debian.series
Changed
@@ -1,2 +1,3 @@ default-configuration.patch -p1 ticket-466-changes.patch -p1 +CVE-2016-5103.patch -p1
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.1.5-0~kolab1 +Version: 1:1.1.5-0~kolab2 Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Uploaders: Vincent Bernat <bernat@debian.org>, Romain Beauxis <toots@rastageeks.org>, Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>, Paul Klos <kolab@klos2day.nl> Homepage: http://www.roundcube.net/
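Review bot: the Version bumped here (1:1.1.5-0~kolab2) does not match the version in the new debian.changelog entry (1:1.1.5.0-0~kolab2); the ~kolab1 entries in both files disagree in the same way, so this is pre-existing, but the security update is a good moment to fix it. Pick one form, either 1:1.1.5-0~kolab2 or 1:1.1.5.0-0~kolab2, and use it in both the .dsc and debian.changelog, otherwise the version of the resulting source package depends on which of the two files the build tool reads, and the changelog entry that documents the CVE-2016-5103 fix will not line up with the package version that carries it.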