~ubuntu-branches/ubuntu/natty/empathy/natty-updates

Viewing changes to debian/patches/75_empathy-CVE-2011-3635-lp879301.patch

Committer: Package Import Robot
Author(s): Steve Beattie
Date: 2011-10-25 15:21:46 UTC
mfrom: (146.1.1 natty-proposed)
Revision ID: package-import@ubuntu.com-20111025152146-wxc49chnws08v608

Tags: 2.34.0-0ubuntu3.2

* SECURITY UPDATE: remote HTML injection (LP: #879301)
  - debian/patches/75_empathy-CVE-2011-3635-lp879301.patch: escape
    HTML in when displaying other users' names. (Thanks to upstream
    for patch.)
  - CVE-2011-3635, CVE-2011-4170

files added:
.pc/70_append_messages_in_notifications.patch

.pc/70_append_messages_in_notifications.patch/src

.pc/70_append_messages_in_notifications.patch/src/empathy-chat-window.c

.pc/70_append_messages_in_notifications.patch/src/empathy-status-icon.c

.pc/75_empathy-CVE-2011-3635-lp879301.patch

.pc/75_empathy-CVE-2011-3635-lp879301.patch/libempathy-gtk

.pc/75_empathy-CVE-2011-3635-lp879301.patch/libempathy-gtk/empathy-theme-adium.c

debian/patches/70_append_messages_in_notifications.patch

debian/patches/75_empathy-CVE-2011-3635-lp879301.patch

files modified:
.pc/applied-patches

debian/changelog

debian/control

debian/patches/series

libempathy-gtk/empathy-theme-adium.c

src/empathy-chat-window.c

src/empathy-status-icon.c

Show diffs side-by-side

added added

removed removed

debian/patches/75_empathy-CVE-2011-3635-lp879301.patch

From 739aca418457de752be13721218aaebc74bd9d36 Mon Sep 17 00:00:00 2001

From: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>

Date: Tue, 18 Oct 2011 16:32:52 +0000

Subject: theme_adium_append_message: escape alias before displaying it

Not doing so can lead to nasty HTML injection from hostile users.

https://bugzilla.gnome.org/show_bug.cgi?id=662035

and

From 15a4eec2f156c4f60398a9d842279203f475ed89 Mon Sep 17 00:00:00 2001

From: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>

Date: Mon, 24 Oct 2011 08:31:55 +0000

Subject: theme-adium: escape the name in actions as well

CVE-2011-3635 and CVE-2011-4170

[Ubuntu note: backported patch to 2.34 version -- sbeattie]

---

libempathy-gtk/empathy-theme-adium.c | 10 +++++++---

1 file changed, 7 insertions(+), 3 deletions(-)

Index: b/libempathy-gtk/empathy-theme-adium.c

===================================================================

--- a/libempathy-gtk/empathy-theme-adium.c

+++ b/libempathy-gtk/empathy-theme-adium.c

@@ -436,7 +436,7 @@ theme_adium_append_message (EmpathyChatV

EmpathyThemeAdiumPriv *priv = GET_PRIV (theme);

EmpathyContact *sender;

TpAccount *account;

- gchar *body_escaped;

+ gchar *body_escaped, *name_escaped;

const gchar *body;

const gchar *name;

const gchar *contact_id;

@@ -470,15 +470,18 @@ theme_adium_append_message (EmpathyChatV

name = empathy_contact_get_alias (sender);

contact_id = empathy_contact_get_id (sender);

+ name_escaped = g_markup_escape_text (name, -1);

/* If this is a /me, append an event */

if (empathy_message_get_tptype (msg) == TP_CHANNEL_TEXT_MESSAGE_TYPE_ACTION) {

gchar *str;

- str = g_strdup_printf ("%s %s", name, body_escaped);

+ str = g_strdup_printf ("%s %s", name_escaped, body_escaped);

theme_adium_append_event_escaped (view, str);

g_free (str);

g_free (body_escaped);

+ g_free (name_escaped);

return;

}

@@ -600,7 +603,7 @@ theme_adium_append_message (EmpathyChatV

if (html != NULL) {

theme_adium_append_html (theme, func, html, len, body_escaped,

- avatar_filename, name, contact_id,

+ avatar_filename, name_escaped, contact_id,

service_name, message_classes->str,

timestamp, is_backlog);

} else {

@@ -616,6 +619,7 @@ theme_adium_append_message (EmpathyChatV

priv->last_is_backlog = is_backlog;

g_free (body_escaped);

+ g_free (name_escaped);

g_string_free (message_classes, TRUE);

}

Older »