1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
## msa090006_CVE-2009-0501_calendar.dpatch by Kees Cook <kees@ubuntu.com>
4
## All lines beginning with `## DP:' are a description of the patch.
5
## DP: Backport upstream fix for calendar export leakage.
6
## DP: MSA-09-0006 / CVE-2009-0501, Thanks to Francois Marier.
9
diff -Nru moodle-1.8.2/calendar/export_execute.php moodle-1.8.2.dfsg/calendar/export_execute.php
10
--- moodle-1.8.2/calendar/export_execute.php 2007-06-19 23:33:11.000000000 -0700
11
+++ moodle-1.8.2.dfsg/calendar/export_execute.php 2009-02-12 11:09:06.000000000 -0800
13
//Fetch user information
14
if (!$user = get_complete_user_data('username', $username)) {
16
- die("No such user '$username'");
17
+ die('Invalid authentication');
20
//Check authentication token
21
if ($authtoken != sha1($username . $user->password)) {
22
- die('Invalid authentication token');
23
+ die('Invalid authentication');
26
$what = optional_param('preset_what', 'all', PARAM_ALPHA);