head 1.2;
access;
symbols
pkgsrc-2026Q1:1.2.0.46
pkgsrc-2026Q1-base:1.2
pkgsrc-2025Q4:1.2.0.44
pkgsrc-2025Q4-base:1.2
pkgsrc-2025Q3:1.2.0.42
pkgsrc-2025Q3-base:1.2
pkgsrc-2025Q2:1.2.0.40
pkgsrc-2025Q2-base:1.2
pkgsrc-2025Q1:1.2.0.38
pkgsrc-2025Q1-base:1.2
pkgsrc-2024Q4:1.2.0.36
pkgsrc-2024Q4-base:1.2
pkgsrc-2024Q3:1.2.0.34
pkgsrc-2024Q3-base:1.2
pkgsrc-2024Q2:1.2.0.32
pkgsrc-2024Q2-base:1.2
pkgsrc-2024Q1:1.2.0.30
pkgsrc-2024Q1-base:1.2
pkgsrc-2023Q4:1.2.0.28
pkgsrc-2023Q4-base:1.2
pkgsrc-2023Q3:1.2.0.26
pkgsrc-2023Q3-base:1.2
pkgsrc-2023Q2:1.2.0.24
pkgsrc-2023Q2-base:1.2
pkgsrc-2023Q1:1.2.0.22
pkgsrc-2023Q1-base:1.2
pkgsrc-2022Q4:1.2.0.20
pkgsrc-2022Q4-base:1.2
pkgsrc-2022Q3:1.2.0.18
pkgsrc-2022Q3-base:1.2
pkgsrc-2022Q2:1.2.0.16
pkgsrc-2022Q2-base:1.2
pkgsrc-2022Q1:1.2.0.14
pkgsrc-2022Q1-base:1.2
pkgsrc-2021Q4:1.2.0.12
pkgsrc-2021Q4-base:1.2
pkgsrc-2021Q3:1.2.0.10
pkgsrc-2021Q3-base:1.2
pkgsrc-2021Q2:1.2.0.8
pkgsrc-2021Q2-base:1.2
pkgsrc-2021Q1:1.2.0.6
pkgsrc-2021Q1-base:1.2
pkgsrc-2020Q4:1.2.0.4
pkgsrc-2020Q4-base:1.2
pkgsrc-2020Q3:1.2.0.2
pkgsrc-2020Q3-base:1.2
pkgsrc-2020Q2:1.1.0.98
pkgsrc-2020Q2-base:1.1
pkgsrc-2020Q1:1.1.0.78
pkgsrc-2020Q1-base:1.1
pkgsrc-2019Q4:1.1.0.100
pkgsrc-2019Q4-base:1.1
pkgsrc-2019Q3:1.1.0.96
pkgsrc-2019Q3-base:1.1
pkgsrc-2019Q2:1.1.0.94
pkgsrc-2019Q2-base:1.1
pkgsrc-2019Q1:1.1.0.92
pkgsrc-2019Q1-base:1.1
pkgsrc-2018Q4:1.1.0.90
pkgsrc-2018Q4-base:1.1
pkgsrc-2018Q3:1.1.0.88
pkgsrc-2018Q3-base:1.1
pkgsrc-2018Q2:1.1.0.86
pkgsrc-2018Q2-base:1.1
pkgsrc-2018Q1:1.1.0.84
pkgsrc-2018Q1-base:1.1
pkgsrc-2017Q4:1.1.0.82
pkgsrc-2017Q4-base:1.1
pkgsrc-2017Q3:1.1.0.80
pkgsrc-2017Q3-base:1.1
pkgsrc-2017Q2:1.1.0.76
pkgsrc-2017Q2-base:1.1
pkgsrc-2017Q1:1.1.0.74
pkgsrc-2017Q1-base:1.1
pkgsrc-2016Q4:1.1.0.72
pkgsrc-2016Q4-base:1.1
pkgsrc-2016Q3:1.1.0.70
pkgsrc-2016Q3-base:1.1
pkgsrc-2016Q2:1.1.0.68
pkgsrc-2016Q2-base:1.1
pkgsrc-2016Q1:1.1.0.66
pkgsrc-2016Q1-base:1.1
pkgsrc-2015Q4:1.1.0.64
pkgsrc-2015Q4-base:1.1
pkgsrc-2015Q3:1.1.0.62
pkgsrc-2015Q3-base:1.1
pkgsrc-2015Q2:1.1.0.60
pkgsrc-2015Q2-base:1.1
pkgsrc-2015Q1:1.1.0.58
pkgsrc-2015Q1-base:1.1
pkgsrc-2014Q4:1.1.0.56
pkgsrc-2014Q4-base:1.1
pkgsrc-2014Q3:1.1.0.54
pkgsrc-2014Q3-base:1.1
pkgsrc-2014Q2:1.1.0.52
pkgsrc-2014Q2-base:1.1
pkgsrc-2014Q1:1.1.0.50
pkgsrc-2014Q1-base:1.1
pkgsrc-2013Q4:1.1.0.48
pkgsrc-2013Q4-base:1.1
pkgsrc-2013Q3:1.1.0.46
pkgsrc-2013Q3-base:1.1
pkgsrc-2013Q2:1.1.0.44
pkgsrc-2013Q2-base:1.1
pkgsrc-2013Q1:1.1.0.42
pkgsrc-2013Q1-base:1.1
pkgsrc-2012Q4:1.1.0.40
pkgsrc-2012Q4-base:1.1
pkgsrc-2012Q3:1.1.0.38
pkgsrc-2012Q3-base:1.1
pkgsrc-2012Q2:1.1.0.36
pkgsrc-2012Q2-base:1.1
pkgsrc-2012Q1:1.1.0.34
pkgsrc-2012Q1-base:1.1
pkgsrc-2011Q4:1.1.0.32
pkgsrc-2011Q4-base:1.1
pkgsrc-2011Q3:1.1.0.30
pkgsrc-2011Q3-base:1.1
pkgsrc-2011Q2:1.1.0.28
pkgsrc-2011Q2-base:1.1
pkgsrc-2011Q1:1.1.0.26
pkgsrc-2011Q1-base:1.1
pkgsrc-2010Q4:1.1.0.24
pkgsrc-2010Q4-base:1.1
pkgsrc-2010Q3:1.1.0.22
pkgsrc-2010Q3-base:1.1
pkgsrc-2010Q2:1.1.0.20
pkgsrc-2010Q2-base:1.1
pkgsrc-2010Q1:1.1.0.18
pkgsrc-2010Q1-base:1.1
pkgsrc-2009Q4:1.1.0.16
pkgsrc-2009Q4-base:1.1
pkgsrc-2009Q3:1.1.0.14
pkgsrc-2009Q3-base:1.1
pkgsrc-2009Q2:1.1.0.12
pkgsrc-2009Q2-base:1.1
pkgsrc-2009Q1:1.1.0.10
pkgsrc-2009Q1-base:1.1
pkgsrc-2008Q4:1.1.0.8
pkgsrc-2008Q4-base:1.1
pkgsrc-2008Q3:1.1.0.6
pkgsrc-2008Q3-base:1.1
cube-native-xorg:1.1.0.4
cube-native-xorg-base:1.1
pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment @# @;
1.2
date 2020.09.07.10.34.52; author mef; state Exp;
branches;
next 1.1;
commitid yzziWc1Qkbzet6nC;
1.1
date 2008.07.25.02.55.27; author tonnerre; state Exp;
branches
1.1.2.1;
next ;
1.1.2.1
date 2008.07.25.02.55.27; author rtr; state dead;
branches;
next 1.1.2.2;
1.1.2.2
date 2008.07.25.10.06.29; author rtr; state Exp;
branches;
next ;
desc
@@
1.2
log
@(sysutils/webmin) Add comments for patches
@
text
@$NetBSD: patch-am,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
--- mysql/search_form.cgi.orig 2007-09-21 23:26:42.000000000 +0200
+++ mysql/search_form.cgi
@@@@ -12,7 +12,8 @@@@ require './view-lib.pl';
&can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
@@str = &table_structure($in{'db'}, $in{'table'});
-$desc = &text('table_header', "$in{'table'}", "$in{'db'}");
+$desc = &text('table_header', "" . &html_escape($in{'table'}) .
+ "", "" . &html_escape($in{'db'}) . "");
&ui_print_header($desc, $text{'adv_title'}, "");
print &ui_form_start("view_table.cgi", "post");
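Review bot: The new `$desc` line escapes `$in{'table'}` and `$in{'db'}` for HTML output only, while the raw `$in{'table'}` still reaches `&table_structure($in{'db'}, $in{'table'})` on the context line above it, and only `db` is covered by the `&can_edit_db` check. Whether `table_structure` validates or quotes the table name before using it is not visible in this hunk, so that is worth confirming in the library it comes from. The `"" .` and `. ""` concatenations around each `&html_escape(...)` call are no-ops as shown (possibly wrapper markup lost in this rendering); if they really are empty, `&text('table_header', &html_escape($in{'table'}), &html_escape($in{'db'}))` reads more clearly. The same hunk appears again in the 1.1.2.2 revision text further down, and the note applies there too.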
@@@@ -36,13 +37,13 @@@@ print "\n";
print &ui_form_end([ [ "advanced", $text{'adv_ok'} ] ]);
if ($access{'edonly'}) {
- &ui_print_footer("edit_dbase.cgi?db=$in{'db'}",$text{'dbase_return'},
- "", $text{'index_return'});
+ &ui_print_footer("edit_dbase.cgi?db=" . &urlize($in{'db'}),
+ $text{'dbase_return'}, "", $text{'index_return'});
}
else {
- &ui_print_footer("edit_table.cgi?db=$in{'db'}&table=$in{'table'}",
- $text{'table_return'},
- "edit_dbase.cgi?db=$in{'db'}", $text{'dbase_return'},
- "", $text{'index_return'});
+ &ui_print_footer("edit_table.cgi?db=" . &urlize($in{'db'}) .
+ "&table=" . &urlize($in{'table'}), $text{'table_return'},
+ "edit_dbase.cgi?db=" . &urlize($in{'db'}),
+ $text{'dbase_return'}, "", $text{'index_return'});
}
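Review bot: `&urlize($in{'db'})` is written out three times across the two `&ui_print_footer` calls, which makes it easy for a later edit to encode the parameter in one branch and miss it in another. Computing it once before the `if`, e.g. `my $db_q = &urlize($in{'db'});`, and reusing `$db_q` keeps both branches consistent. The `&table=` separator is passed through unescaped, so the link is only well-formed HTML if `ui_print_footer` escapes the URL when it writes the href; that function is not visible here and should be checked. A short comment such as `# request parameters are URL-encoded before being placed in return links` would record why the calls are there. The same hunk is repeated in the 1.1.2.2 revision text further down.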
@
1.1
log
@Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).
@
text
@d1 4
a4 1
$NetBSD$
@
1.1.2.1
log
@file patch-am was added on branch pkgsrc-2008Q2 on 2008-07-25 10:06:29 +0000
@
text
@d1 34
@
1.1.2.2
log
@pullup ticket #2462 requested by tonnerre
webmin: patch for various security vulnerabilities
revisions pulled up:
pkgsrc/sysutils/webmin/Makefile 1.24
pkgsrc/sysutils/webmin/distinfo 1.16
pkgsrc/sysutils/webmin/patches/patch-ac 1.3
pkgsrc/sysutils/webmin/patches/patch-aj 1.1
pkgsrc/sysutils/webmin/patches/patch-ak 1.1
pkgsrc/sysutils/webmin/patches/patch-al 1.1
pkgsrc/sysutils/webmin/patches/patch-am 1.1
pkgsrc/sysutils/webmin/patches/patch-an 1.1
pkgsrc/sysutils/webmin/patches/patch-ao 1.1
pkgsrc/sysutils/webmin/patches/patch-ap 1.1
pkgsrc/sysutils/webmin/patches/patch-aq 1.1
pkgsrc/sysutils/webmin/patches/patch-ar 1.1
pkgsrc/sysutils/webmin/patches/patch-as 1.1
pkgsrc/sysutils/webmin/patches/patch-at 1.1
pkgsrc/sysutils/webmin/patches/patch-au 1.1
pkgsrc/sysutils/webmin/patches/patch-av 1.1
pkgsrc/sysutils/webmin/patches/patch-aw 1.1
pkgsrc/sysutils/webmin/patches/patch-ax 1.1
pkgsrc/sysutils/webmin/patches/patch-ay 1.1
pkgsrc/sysutils/webmin/patches/patch-az 1.1
Module Name: pkgsrc
Committed By: tonnerre
Date: Fri Jul 25 02:55:28 UTC 2008
Modified Files:
pkgsrc/sysutils/webmin: Makefile distinfo
Added Files:
pkgsrc/sysutils/webmin/patches: patch-ac patch-aj patch-ak
patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as
patch-at patch-au patch-av patch-aw patch-ax patch-ay
patch-az
Log Message:
Fix various cross site scripting, arbitrary command execution and
various other vulnerabilities in webmin (CVE-2008-0720).
@
text
@a0 34
$NetBSD: patch-am,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
--- mysql/search_form.cgi.orig 2007-09-21 23:26:42.000000000 +0200
+++ mysql/search_form.cgi
@@@@ -12,7 +12,8 @@@@ require './view-lib.pl';
&can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
@@str = &table_structure($in{'db'}, $in{'table'});
-$desc = &text('table_header', "$in{'table'}", "$in{'db'}");
+$desc = &text('table_header', "" . &html_escape($in{'table'}) .
+ "", "" . &html_escape($in{'db'}) . "");
&ui_print_header($desc, $text{'adv_title'}, "");
print &ui_form_start("view_table.cgi", "post");
@@@@ -36,13 +37,13 @@@@ print "\n";
print &ui_form_end([ [ "advanced", $text{'adv_ok'} ] ]);
if ($access{'edonly'}) {
- &ui_print_footer("edit_dbase.cgi?db=$in{'db'}",$text{'dbase_return'},
- "", $text{'index_return'});
+ &ui_print_footer("edit_dbase.cgi?db=" . &urlize($in{'db'}),
+ $text{'dbase_return'}, "", $text{'index_return'});
}
else {
- &ui_print_footer("edit_table.cgi?db=$in{'db'}&table=$in{'table'}",
- $text{'table_return'},
- "edit_dbase.cgi?db=$in{'db'}", $text{'dbase_return'},
- "", $text{'index_return'});
+ &ui_print_footer("edit_table.cgi?db=" . &urlize($in{'db'}) .
+ "&table=" . &urlize($in{'table'}), $text{'table_return'},
+ "edit_dbase.cgi?db=" . &urlize($in{'db'}),
+ $text{'dbase_return'}, "", $text{'index_return'});
}
@