~ubuntu-branches/ubuntu/hardy/drupal5/hardy-security

Viewing changes to debian/patches/22_SA-CORE-2009-009.dpatch

Committer: Bazaar Package Importer
Author(s): Artur Rona
Date: 2010-01-31 14:40:34 UTC
Revision ID: james.westby@ubuntu.com-20100131144034-onvb0o15xzsq7eo9

Tags: 5.7-1ubuntu1.2

* SECURITY UPDATE: Multiple vulnerabilities and weaknesses
  were discovered in Drupal. (LP: #431080):
  - 13_SA-2008-047
  - 14_SA-2008-060
  - 15_SA-2008-067
  - 16_SA-2008-073
  - 17_SA-CORE-2009-001
  - 18_SA-CORE-2009-005
  - 19_SA-CORE-2009-006
  - 20_SA-CORE-2009-007
  - 21_SA-CORE-2009-008
  - 22_SA-CORE-2009-009

* Fixes:
  - CVE-2008-6171
  - CVE-2008-6532
  - CVE-2008-6533
  - CVE-2009-1576
  - CVE-2009-2372
  - CVE-2009-2373
  - CVE-2009-2374
  - CVE-2009-4370

files added:
debian/patches/13_SA-2008-047.dpatch

debian/patches/14_SA-2008-060.dpatch

debian/patches/15_SA-2008-067.dpatch

debian/patches/16_SA-2008-073.dpatch

debian/patches/17_SA-CORE-2009-001.dpatch

debian/patches/18_SA-CORE-2009-005.dpatch

debian/patches/19_SA-CORE-2009-006.dpatch

debian/patches/20_SA-CORE-2009-007.dpatch

debian/patches/21_SA-CORE-2009-008.dpatch

debian/patches/22_SA-CORE-2009-009.dpatch

files modified:
debian/changelog

debian/patches/00list

Show diffs side-by-side

added added

removed removed

debian/patches/22_SA-CORE-2009-009.dpatch

#! /bin/sh /usr/share/dpatch/dpatch-run

## 22_SA-CORE-2009-009.dpatch by Artur Rona <ari-tczew@tlen.pl>

## All lines beginning with `## DP:' are a description of the patch.

## DP: Multiple vulnerabilities and weaknesses were discovered in Drupal.

## Ubuntu: https://bugs.launchpad.net/bugs/431080

## Upstream: http://drupal.org/node/661586

## Patch: http://drupal.org/files/sa-core-2009-009/SA-CORE-2009-009-5.20.patch

@DPATCH@

diff -pruN -x '*~' drupal-5.10.orig/modules/contact/contact.module drupal-5.10/modules/contact/contact.module

--- drupal-5.10.orig/modules/contact/contact.module 2007-06-05 09:18:05.000000000 +0200

+++ drupal-5.10/modules/contact/contact.module 2009-12-20 22:08:32.000000000 +0100

@@ -145,7 +145,7 @@ function contact_admin_categories() {

$result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');

$rows = array();

while ($category = db_fetch_object($result)) {

- $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));

+ $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));

}

$header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));

Older »