From 0cc1797afa063761ab7e547bf805b4cb85accb78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= Date: Mon, 16 May 2016 20:23:43 +0200 Subject: Bug 1253263 - (CVE-2016-2803) [SECURITY] XSS vulnerability in dependency graphs via bug summary r/a=dkl --- showdependencygraph.cgi | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/showdependencygraph.cgi b/showdependencygraph.cgi index 6d4cb1e71..7b2d2f55d 100755 --- a/showdependencygraph.cgi +++ b/showdependencygraph.cgi @@ -55,13 +55,19 @@ sub CreateImagemap { $default = qq{\n}; } - if ($line =~ /^rectangle \((.*),(.*)\) \((.*),(.*)\) (http[^ ]*) (\d+)(\\n.*)?$/) { + if ($line =~ /^rectangle \((\d+),(\d+)\) \((\d+),(\d+)\) (http[^ ]*) (\d+)(?:\\n.*)?$/) { my ($leftx, $rightx, $topy, $bottomy, $url, $bugid) = ($1, $3, $2, $4, $5, $6); # Pick up bugid from the mapdata label field. Getting the title from # bugtitle hash instead of mapdata allows us to get the summary even # when showsummary is off, and also gives us status and resolution. + # This text is safe; it has already been escaped. my $bugtitle = $bugtitles{$bugid}; + + # The URL is supposed to be safe, because it's built manually. + # But in case someone manages to inject code, it's safer to escape it. + $url = html_quote($url); + $map .= qq{bug $bugid\n}; -- cgit v1.2.1 From 797fe81e3cc1280ca609aed8bc230fa2338a7560 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 16 May 2016 18:43:56 +0000 Subject: Bumped version to 5.0.3 --- Bugzilla/Constants.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 015a25572..8b2eeac24 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -200,7 +200,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "5.0.2+"; +use constant BUGZILLA_VERSION => "5.0.3"; # A base link to the current REST Documentation. We place it here # as it will need to be updated to whatever the current release is. -- cgit v1.2.1 From 40d86a554f5da8f5ede4b3982460be7a95fd1379 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 16 May 2016 20:03:20 +0000 Subject: Bumped version post-release --- Bugzilla/Constants.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm index 8b2eeac24..479212686 100644 --- a/Bugzilla/Constants.pm +++ b/Bugzilla/Constants.pm @@ -200,7 +200,7 @@ use Memoize; # CONSTANTS # # Bugzilla version -use constant BUGZILLA_VERSION => "5.0.3"; +use constant BUGZILLA_VERSION => "5.0.3+"; # A base link to the current REST Documentation. We place it here # as it will need to be updated to whatever the current release is. -- cgit v1.2.1