From c066113f9e77a9abb9138b5931fb7763a71764f2 Mon Sep 17 00:00:00 2001
From: Xavier Bachelot
Date: Wed, 1 Feb 2012 09:56:15 +0100
Subject: [PATCH] CVE-2012-0448
---
 bugzilla-3.2.10-CVE-2012-0448.patch | 52 +++++++++++++++++++++++++++++++++++
 bugzilla.spec | 7 ++++-
 2 files changed, 58 insertions(+), 1 deletions(-)
 create mode 100644 bugzilla-3.2.10-CVE-2012-0448.patch
diff --git a/bugzilla-3.2.10-CVE-2012-0448.patch b/bugzilla-3.2.10-CVE-2012-0448.patch
new file mode 100644
index 0000000..a4be42b
--- /dev/null
+++ b/bugzilla-3.2.10-CVE-2012-0448.patch
@@ -0,0 +1,52 @@
+diff -Naur Bugzilla/Util.pm Bugzilla/Util.pm
+--- Bugzilla/Util.pm 2011-01-24 23:07:59.000000000 +0100
++++ Bugzilla/Util.pm 2012-02-01 09:17:53.414276564 +0100
+@@ -559,7 +559,7 @@
+ sub validate_email_syntax {
+ my ($addr) = @_;
+ my $match = Bugzilla->params->{'emailregexp'};
+- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
++ my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/);
+ if ($ret) {
+ # We assume these checks to suffice to consider the address untainted.
+ trick_taint($_[0]);
+diff -Naur editflagtypes.cgi editflagtypes.cgi
+--- editflagtypes.cgi 2009-02-02 20:01:12.000000000 +0100
++++ editflagtypes.cgi 2012-02-01 09:17:53.415276556 +0100
+@@ -578,7 +578,7 @@
+ # - do not contain any illegal character.
+ foreach my $address (@addresses) {
+ ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
+- && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
++ && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/)
+ || ThrowUserError('illegal_email_address',
+ {addr => $address, default => 1});
+ }
+diff -Naur template/en/default/global/code-error.html.tmpl template/en/default/global/code-error.html.tmpl
+--- template/en/default/global/code-error.html.tmpl 2012-02-01 09:17:00.561730124 +0100
++++ template/en/default/global/code-error.html.tmpl 2012-02-01 09:17:53.415276556 +0100
+@@ -58,8 +58,7 @@
+ [% ELSE %]
+ [%+ Param('emailregexpdesc') %]
+ [% END %]
+- It must also not contain any of these special characters:
+- \ ( ) & < > , ; : " [ ], or any whitespace.
++ It also must not contain any illegal characters.
+
+ [% ELSIF error == "authres_unhandled" %]
+ The result value of [% value FILTER html %] was not handled by
+diff -Naur template/en/default/global/user-error.html.tmpl template/en/default/global/user-error.html.tmpl
+--- template/en/default/global/user-error.html.tmpl 2012-02-01 09:17:00.557730158 +0100
++++ template/en/default/global/user-error.html.tmpl 2012-02-01 09:17:53.417276540 +0100
+@@ -748,9 +748,8 @@
+ [% ELSE %]
+ [%+ Param('emailregexpdesc') %]
+ [% END %]
+- It must also not contain any of these special characters:
+- \ ( ) & < > , ; : " [ ], or any whitespace.
+-
++ It also must not contain any illegal characters.
++
+ [% ELSIF error == "illegal_frequency" %]
+ [% title = "Too Frequent" %]
+ Unless you are an administrator, you may not create series which are
diff --git a/bugzilla.spec b/bugzilla.spec
index 3063b6f..4cc2980 100644
--- a/bugzilla.spec
+++ b/bugzilla.spec
@@ -6,7 +6,7 @@ URL: http://www.bugzilla.org/
 Name: bugzilla
 Version: 3.2.10
 Group: Applications/Publishing
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: MPLv1.1
 Source0: http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-%{version}.tar.gz
 Source1: bugzilla-httpd-conf
@@ -20,6 +20,7 @@ Patch5: bugzilla-3.2.10-CVE-2011-2976.patch
 Patch6: bugzilla-3.2.10-CVE-2011-2978.patch
 Patch7: bugzilla-3.2.10-CVE-2011-3657.patch
 Patch8: bugzilla-3.2.10-CVE-2011-3667.patch
+Patch9: bugzilla-3.2.10-CVE-2012-0448.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
@@ -67,6 +68,7 @@ set -x
 %patch6 -p0
 %patch7 -p0
 %patch8 -p0
+%patch9 -p0
 # Filter unwanted Requires found by /usr/lib/rpm/perldeps.pl:
 # create a wrapper script which runs the original perl_requires
@@ -168,6 +170,9 @@ popd > /dev/null)
 %{bzinstallprefix}/bugzilla/contrib
 %changelog
+* Wed Feb 01 2012 Xavier Bachelot - 3.2.10-4
+- Add patch for CVE-2012-0448.
+
 * Thu Dec 29 2011 Xavier Bachelot - 3.2.10-3
 - Add patches for CVE-2011-3657 and CVE-2011-3667.
--
1.7.7.6
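Review bot: In the Bugzilla/Util.pm section of the added patch, `validate_email_syntax` still untaints the address via `trick_taint($_[0])` on the strength of a denylist, and even with `\P{ASCII}` added the class admits ASCII control characters other than `\t`, `\r` and `\n`, so rejecting those is left entirely to the admin-configured `emailregexp`. Consider extending the class on that line, e.g. `$addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}\p{Cntrl}]/`. The same literal is duplicated in the editflagtypes.cgi section, so the two copies should be kept identical or they will drift apart on the next fix. The reworded text in both templates no longer tells the user which characters are rejected; adding a phrase such as "or any non-ASCII character" would keep the message actionable. The body of `validate_email_syntax` continues past the end of the hunk, so this rests on the visible lines only.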