Hello community, here is the log from the commit of package horde checked in at Wed Apr 5 17:53:07 CEST 2006. -------- --- horde/horde.changes 2006-04-03 15:45:59.000000000 +0200 +++ horde/horde.changes 2006-04-05 14:10:23.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Apr 5 14:18:27 CEST 2006 - mmarek@suse.cz + +- fix displaying arbitrary files in services/go.php + [#163681] (CVE-2006-1260.patch) + +------------------------------------------------------------------- New: ---- horde-3.0.9-CVE-2006-1260.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ horde.spec ++++++ --- /var/tmp/diff_new_pack.TpLhKE/_old 2006-04-05 17:52:53.000000000 +0200 +++ /var/tmp/diff_new_pack.TpLhKE/_new 2006-04-05 17:52:53.000000000 +0200 @@ -17,11 +17,12 @@ Autoreqprov: on Requires: mod_php_any php-gettext php-mcrypt php-imap php-pear php-pear-log php-session php-dom php php5-pear-auth_sasl php5-pear-date php5-pear-db php5-pear-file php5-pear-mail php5-pear-mail_mime Version: 3.0.9 -Release: 11 +Release: 12 Source0: %{name}-%{version}.tar.bz2 Source2: README.SuSE Patch1: %{name}-%{version}-log.patch Patch2: %{name}-%{version}-eval.patch +Patch3: %{name}-%{version}-CVE-2006-1260.patch URL: http://www.horde.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -46,6 +47,7 @@ %setup -q %patch1 %patch2 +%patch3 grep -ErZl '/usr/(local/)?bin/php' . | \ xargs -0 sed -ri 's@/usr/(local/)?bin/php@/usr/bin/php5@' cp -a %{S:2} . @@ -89,6 +91,9 @@ /usr/share/php5/Horde* %changelog -n horde +* Wed Apr 05 2006 - mmarek@suse.cz +- fix displaying arbitrary files in services/go.php + [#163681] (CVE-2006-1260.patch) * Mon Apr 03 2006 - mmarek@suse.cz - make the Horde library available to external applications [#159337] ++++++ horde-3.0.9-CVE-2006-1260.patch ++++++ --- services/go.php +++ services/go.php 
@@ -71,7 +71,13 @@
 // Pass through image content if requested.
 if (!empty($_GET['untrusted'])) {
- readfile($_GET['url']);
+ $allowed_protocols = array('http', 'https', 'ftp');
+ foreach ($allowed_protocols as $proto) {
+ if (substr($_GET['url'], 0, strlen($proto) + 3) == $proto . '://') {
+ readfile($_GET['url']);
+ exit;
+ }
+ }
 exit;
 }
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
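Review bot: The scheme allowlist added around `readfile($_GET['url'])` closes the local-file read, but the script still fetches and relays whatever http/https/ftp URL the caller supplies, so the server's own network reach is now the exposed surface instead of its filesystem. If these URLs are only ever produced by the application itself, validating the full URL against that expectation (a registered or signed value) is the stronger fix; at minimum the fetched host should be logged so a defender can see what this endpoint is being pointed at. The prefix comparison also assumes `$_GET['url']` is a string; a `url[]=` query hands `substr()` an array, which fails closed only by accident of a warning, so a guard such as `if (!is_string($_GET['url'])) { exit; }` before the `foreach` makes that path explicit. The code that runs before line 71, including any header output for the relayed content, is outside the hunk.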