diff --git a/phpPgAdmin-CVE-2008-5587.patch b/phpPgAdmin-CVE-2008-5587.patch new file mode 100644 index 0000000..899001c --- /dev/null +++ b/phpPgAdmin-CVE-2008-5587.patch @@ -0,0 +1,11 @@ +--- libraries/lib.inc.php ++++ libraries/lib.inc.php +@@ -95,6 +95,8 @@ + } + + // Determine language file to import: ++ unset($_language); ++ + // 1. Check for the language from a request var + if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']])) + $_language = $_REQUEST['language']; diff --git a/phpPgAdmin.changes b/phpPgAdmin.changes index 1931b30..ce87082 100644 --- a/phpPgAdmin.changes +++ b/phpPgAdmin.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 3 14:56:06 CET 2009 - max@suse.de + +- Added phpPgAdmin-CVE-2008-5587.patch to fix a directory + traversal vulnerability (bnc#462762). + ------------------------------------------------------------------- Tue Apr 8 14:55:15 CEST 2008 - tpatzig@suse.de diff --git a/phpPgAdmin.spec b/phpPgAdmin.spec index 84c77c2..9aea4db 100644 --- a/phpPgAdmin.spec +++ b/phpPgAdmin.spec @@ -1,10 +1,17 @@ # # spec file for package phpPgAdmin (Version 4.2) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -14,12 +21,13 @@ Name: phpPgAdmin Summary: phpPgAdmin is a web-based administration tool for PostgreSQL BuildRequires: apache2 Version: 4.2 -Release: 1 +Release: 55 License: GPL v2 or later Group: Productivity/Databases/Tools Requires: php5-pgsql apache2-mod_php5 Url: http://phppgadmin.sourceforge.net Source0: %{name}-%{version}.tar.bz2 +Patch1: phpPgAdmin-CVE-2008-5587.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -56,6 +64,7 @@ Authors: %prep %setup -q +%patch1 %build @@ -76,6 +85,9 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) /srv/www/htdocs/%{name}/conf/config.inc.php %changelog +* Tue Feb 03 2009 max@suse.de +- Added phpPgAdmin-CVE-2008-5587.patch to fix a directory + traversal vulnerability (bnc#462762). * Tue Apr 08 2008 tpatzig@suse.de - update to Version 4.2 * Add Analyze to Table Level Actions (ioguix)