Debian Bug report logs - #410568
CVE-2007-0175: b2evolution "redirect_to" HTML Attribute Cross-Site Scripting

version graph

Package: b2evolution; Maintainer for b2evolution is (unknown);

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 11 Feb 2007 20:03:20 UTC

Severity: important

Tags: patch, security

Fixed in version b2evolution/0.9.2-4

Done: Xavier Luthi <xavier@caroxav.be>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Xavier Luthi <xavier@caroxav.be>:
Bug#410568; Package b2evolution. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Xavier Luthi <xavier@caroxav.be>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-0175: b2evolution "redirect_to" HTML Attribute Cross-Site Scripting
Date: Sun, 11 Feb 2007 20:54:50 +0100
Package: b2evolution
Severity: normal
Tags: security patch

b2evolution 1.8.7 fixes a XSS vulnerability that seems to be present in 0.9.2-3.

See [1] for details.

Solution: in the file .../htsrv/login.php replace the $redirect_to in

$error .= ' <a href="'.$redirect_to.'">'.T_('Continue...').'</a>';

by htmlspecialchars($redirect_to)

[1] http://secunia.com/advisories/23656



Reply sent to Xavier Luthi <xavier@caroxav.be>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 410568-close@bugs.debian.org (full text, mbox):

From: Xavier Luthi <xavier@caroxav.be>
To: 410568-close@bugs.debian.org
Subject: Bug#410568: fixed in b2evolution 0.9.2-4
Date: Wed, 09 May 2007 00:32:02 +0000
Source: b2evolution
Source-Version: 0.9.2-4

We believe that the bug you reported is fixed in the latest version of
b2evolution, which is due to be installed in the Debian FTP archive:

b2evolution_0.9.2-4.diff.gz
  to pool/main/b/b2evolution/b2evolution_0.9.2-4.diff.gz
b2evolution_0.9.2-4.dsc
  to pool/main/b/b2evolution/b2evolution_0.9.2-4.dsc
b2evolution_0.9.2-4_all.deb
  to pool/main/b/b2evolution/b2evolution_0.9.2-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 410568@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Luthi <xavier@caroxav.be> (supplier of updated b2evolution package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 30 Mar 2007 14:48:35 +0200
Source: b2evolution
Binary: b2evolution
Architecture: source all
Version: 0.9.2-4
Distribution: unstable
Urgency: high
Maintainer: Xavier Luthi <xavier@caroxav.be>
Changed-By: Xavier Luthi <xavier@caroxav.be>
Description: 
 b2evolution - a multilingual, multiuser, multi-blog engine
Closes: 410568 416648
Changes: 
 b2evolution (0.9.2-4) unstable; urgency=high
 .
   * Patch blogs/htsrv/login.php to fix a Cross-Site Scripting vulnerability
     reported in CVE-2007-0175 (Closes: #410568)
   * Modify the debian/postrm script to use a conditional call to debconf
     (Closes: #416648)
   * debian/control: po-debconf added in Build-Depends (as suggested by a
     lintian error)
Files: 
 7db4f6bc5e7634f3598cec08383b0829 590 web optional b2evolution_0.9.2-4.dsc
 096cc95c9019cce3f6ab60e2d92e2d22 14375 web optional b2evolution_0.9.2-4.diff.gz
 66c9a41c19bcfdda9e233655fd20102f 2777108 web optional b2evolution_0.9.2-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGQRQRyJBzD6P54w4RAqcwAJ41osxUNLLJpR2TjwaLIZ/DOeNw+QCfRqoF
mFGnMUGn6lFjIWkmWPjwuI4=
=g0TT
-----END PGP SIGNATURE-----




Severity set to `important' from `normal' Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Mon, 25 Jun 2007 21:01:32 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 24 Jul 2007 07:35:15 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 21:11:44 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.