register_globals on is not supported

Related Vulnerabilities: CVE-2008-5587, CVE-2007-2865, CVE-2007-5728

Debian Bug report logs - #508026
register_globals on is not supported

Reported by: Raphael Geissert <atomo64@gmail.com>

Date: Sun, 7 Dec 2008 02:12:01 UTC

Severity: grave

Tags: fixed-upstream, patch, security

Found in version phppgadmin/4.0.1-3.1

Fixed in versions phppgadmin/4.2.1-1.1, phppgadmin/4.2.2-1, phppgadmin/4.0.1-3.1etch4

Done: Giuseppe Iuculano <giuseppe@iuculano.it>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Isaac Clerencia <isaac@debian.org>:
Bug#508026; Package phppgadmin. (Sun, 07 Dec 2008 02:12:04 GMT)


Message #3 received at submit@bugs.debian.org:

From: Raphael Geissert <atomo64@gmail.com>
To: submit@bugs.debian.org
Subject: phpPgAdmin: Local File Inclusion Vulnerability
Date: Sat, 6 Dec 2008 20:10:32 -0600
[Message part 1 (text/plain, inline)]
Package: phppgadmin
Version: 4.0.1-3.1
Severity: grave
Tags: security

Hi,

A vulnerability that allows an attacker to perform a local file inclusion
attack in phpPgAdmin has been exposed at [1].

Note that the vulnerability can only be exploited when register_globals=on 
(which is the default in /etc/phppgadmin/apache.conf).

If you fix the vulnerability please also make sure to include the CVE id in 
the changelog entry, when one is assigned.

[1]http://www.milw0rm.com/exploits/7363

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Message #8 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 508026@bugs.debian.org
Subject: phppgadmin: diff for NMU version 4.2.1-1.1
Date: Fri, 12 Dec 2008 18:37:28 +0100
tags 508026 + patch
thanks

Dear maintainer,

I've prepared an NMU for phppgadmin (versioned as 4.2.1-1.1) 

Regards.
diff -u phppgadmin-4.2.1/debian/changelog phppgadmin-4.2.1/debian/changelog
--- phppgadmin-4.2.1/debian/changelog
+++ phppgadmin-4.2.1/debian/changelog
@@ -1,3 +1,10 @@
+phppgadmin (4.2.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix Local File Inclusion Vulnerability (Closes: #508026) 
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Fri, 12 Dec 2008 17:55:03 +0100
+
 phppgadmin (4.2.1-1) unstable; urgency=low
 
   * New upstream release
diff -u phppgadmin-4.2.1/debian/patches/series phppgadmin-4.2.1/debian/patches/series
--- phppgadmin-4.2.1/debian/patches/series
+++ phppgadmin-4.2.1/debian/patches/series
@@ -2,0 +3 @@
+sanitize-include.patch
only in patch4:
unchanged:
--- phppgadmin-4.2.1.orig/debian/patches/sanitize-include.patch
+++ phppgadmin-4.2.1/debian/patches/sanitize-include.patch
@@ -0,0 +1,12 @@
+$_language must be sanitized to prevent Local File Inclusion with register_globals on
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -133,6 +133,8 @@
+ 
+ 	// Import the language file
+ 	if (isset($_language)) {
++		// Sanitize $_language, see #508026
++		$_language = str_replace ('..','',$_language);
+ 		include("./lang/recoded/{$_language}.php");
+ 		$_SESSION['webdbLanguage'] = $_language;
+ 	}
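Review bot: the added `str_replace ('..','',$_language)` filters one character sequence but still lets a request-supplied `$_language` reach `include()` and `$_SESSION['webdbLanguage']`. Nothing in this hunk checks that the value names a known language file, so any string without `..` is accepted and then persisted in the session. Rather than stripping characters, make sure `$_language` can only hold a value the application chose itself: initialise or unset it before the selection logic runs, or reject anything that is not a known language key before the `include`.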




Tags added: patch Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Fri, 12 Dec 2008 17:39:08 GMT)


Message #15 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 508026@bugs.debian.org
Subject: phppgadmin: diff for NMU version 4.2-1.1 (tpu)
Date: Fri, 12 Dec 2008 18:52:19 +0100
Dear maintainer,

I've prepared an NMU for phppgadmin (versioned as 4.2-1.1) 
This is the testing-proposed-updates revision

Regards.
diff -u phppgadmin-4.2/debian/changelog phppgadmin-4.2/debian/changelog
--- phppgadmin-4.2/debian/changelog
+++ phppgadmin-4.2/debian/changelog
@@ -1,3 +1,10 @@
+phppgadmin (4.2-1.1) testing-proposed-updates; urgency=low
+
+  * Non-maintainer upload.
+  * Fix Local File Inclusion Vulnerability (Closes: #508026)
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Fri, 12 Dec 2008 18:50:16 +0100
+
 phppgadmin (4.2-1) unstable; urgency=low
 
   * New upstream release
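Review bot: `urgency=low` in the new 4.2-1.1 entry does not match a fix for a bug filed with severity grave and tagged security; the 4.2.1-1.1 diff for the same change uses `urgency=high`. Use the same urgency here. The entry also does not name the file it adds (`sanitize-include.patch`), which makes the changelog harder to audit later.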
diff -u phppgadmin-4.2/debian/patches/series phppgadmin-4.2/debian/patches/series
--- phppgadmin-4.2/debian/patches/series
+++ phppgadmin-4.2/debian/patches/series
@@ -2,0 +3 @@
+sanitize-include.patch
only in patch4:
unchanged:
--- phppgadmin-4.2.orig/debian/patches/sanitize-include.patch
+++ phppgadmin-4.2/debian/patches/sanitize-include.patch
@@ -0,0 +1,12 @@
+$_language must be sanitized to prevent Local File Inclusion with register_globals on
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -133,6 +133,8 @@
+ 
+ 	// Import the language file
+ 	if (isset($_language)) {
++		// Sanitize $_language, see #508026
++		$_language = str_replace ('..','',$_language);
+ 		include("./lang/recoded/{$_language}.php");
+ 		$_SESSION['webdbLanguage'] = $_language;
+ 	}




Message #20 received at 508026@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 508026@bugs.debian.org
Cc: team@security.debian.org, Raphael Geissert <atomo64@gmail.com>, Giuseppe Iuculano <giuseppe@iuculano.it>, control@bugs.debian.org
Subject: register_globals on is not supported
Date: Sun, 14 Dec 2008 12:01:28 +0100
[Message part 1 (text/plain, inline)]
retitle 508026 register_globals on is not supported
thanks

Hi,

Thank you Giuseppe for your work; however, please do not upload it as it 
doesn't address the root cause.

> Note that the vulnerability can only be exploited when register_globals=on 
> (which is the default in /etc/phppgadmin/apache.conf).

Requiring register_globals on is not acceptable for software we support.

As it seems, upstream does already support running in register_globals=0 mode 
for a long time (according to their changelog since 2002...). Therefore I 
guess this bug would be fixed if the statement turning register_globals on 
was removed from the Apache configuration file. Of course this does need some 
thorough testing.

When doing that, including the fix from this bug report as well is a good idea
since it can't hurt and will provide some extra protection for those running 
unsafe setups.



cheers,
Thijs

Changed Bug title to `register_globals on is not supported' from `phpPgAdmin: Local File Inclusion Vulnerability'. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Sun, 14 Dec 2008 11:03:05 GMT)


Message #27 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 508026@bugs.debian.org, team@security.debian.org, Raphael Geissert <atomo64@gmail.com>
Subject: Re: register_globals on is not supported
Date: Sun, 14 Dec 2008 12:53:19 +0100
[Message part 1 (text/plain, inline)]
Hi Thijs,

Thijs Kinkhorst wrote:
> As it seems, upstream does already support running in register_globals=0 mode 
> for a long time (according to their changelog since 2002...). Therefore I 

Where did you read that? In TODO file I read "* register_globals off support".


Cheers,
Giuseppe.

Message #32 received at 508026@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Giuseppe Iuculano <giuseppe@iuculano.it>
Cc: 508026@bugs.debian.org, team@security.debian.org, Raphael Geissert <atomo64@gmail.com>
Subject: Re: register_globals on is not supported
Date: Sun, 14 Dec 2008 13:03:58 +0100
[Message part 1 (text/plain, inline)]
On Sunday 14 December 2008 12:53, Giuseppe Iuculano wrote:
> Thijs Kinkhorst wrote:
> > As it seems, upstream does already support running in register_globals=0
> > mode for a long time (according to their changelog since 2002...).
> > Therefore I
>
> Where did you read that? In TODO file I read "* register_globals off
> support".

http://sourceforge.net/mailarchive/forum.php?thread_name=1026152208.3d29d710ad580%40webmail.acucore.com&forum_name=phppgadmin-news
http://sourceforge.net/project/shownotes.php?release_id=98604

So either the TODO is out of sync with reality, or there have been regressions 
since 2.4.2. In any case, releasing in the current state is not acceptable. 
If it has been fixed upstream the PHP setting must be removed, if it hasn't, 
the package should not be in lenny.


cheers,
Thijs

Message #35 received at 508026@bugs.debian.org:

From: Raphael Geissert <atomo64@gmail.com>
To: Giuseppe Iuculano <giuseppe@iuculano.it>
Cc: 508026@bugs.debian.org, team@security.debian.org, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: phppgadmin: diff for NMU version 4.2.1-1.1
Date: Mon, 15 Dec 2008 17:06:30 -0600
[Message part 1 (text/plain, inline)]
[it is always nice to Cc the submitter :)]

On Friday 12 December 2008, Giuseppe Iuculano wrote:
> tags 508026 + patch
> thanks
>
[...]
> + 	// Import the language file
> + 	if (isset($_language)) {
> ++		// Sanitize $_language, see #508026
> ++		$_language = str_replace ('..','',$_language);
> + 		include("./lang/recoded/{$_language}.php");
> + 		$_SESSION['webdbLanguage'] = $_language;
> + 	}

No, please do not apply/upload such kind of patches. There are two issues in 
phppgadmin which lead to this bug: a) register_globals=on appears to be 
required, and b) _language is not initialised.

Attached patch fixes the issue.

By initialising _language to null (so that isset returns false) the attack is 
invalidated.

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
[phppgadmin.patch (text/x-diff, inline)]
diff -urpN phppgadmin-4.2.orig/libraries/lib.inc.php phppgadmin-4.2/libraries/lib.inc.php
--- phppgadmin-4.2.orig/libraries/lib.inc.php	2008-04-05 19:10:35.000000000 -0600
+++ phppgadmin-4.2/libraries/lib.inc.php	2008-12-15 17:02:40.000000000 -0600
@@ -94,6 +94,8 @@
 		$_reload_browser = true;
 	}
 
+	$_language = null;
+
 	// Determine language file to import:
 	// 1. Check for the language from a request var
 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
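Review bot: the added `$_language = null;` carries no comment, so a later cleanup could take it for a redundant initialisation and drop it. Add a one-line comment above it saying that it discards any value injected under register_globals before the language is chosen, with a reference to #508026.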
[signature.asc (application/pgp-signature, inline)]
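
The two causes named in the message above (register_globals=on and an uninitialised `$_language`), shown side by side in an added PHP example that is not phpPgAdmin code and not part of the original thread. It assumes register_globals can be emulated with `extract()` (the directive no longer exists in current PHP); the function name, the variant names, the language list and the request values are constructed for illustration.

```php
<?php
// Added illustration, not phpPgAdmin code. register_globals was removed in
// PHP 5.4, so its effect is emulated with extract() to keep this runnable.

/**
 * Return the path the language include would use, or null if none is chosen.
 *
 * $variant (hypothetical names):
 *   'original'    - $_language is never initialised (pre-fix behaviour)
 *   'initialised' - unset($_language) before selection (the fix in this bug)
 *   'allowlisted' - no initialisation, but the final value must be a known key
 */
function resolveLanguageInclude(array $request, bool $registerGlobals, string $variant): ?string
{
    if ($registerGlobals) {
        // Emulated register_globals: request parameters become local
        // variables before any application code runs. EXTR_SKIP keeps the
        // function's own parameters intact.
        extract($request, EXTR_SKIP);
    }

    // Assumed stand-in for phpPgAdmin's $appLangFiles. It is assigned here,
    // so an injected $appLangFiles would be overwritten; $_language is not.
    $appLangFiles = ['english' => 'English', 'italian' => 'Italiano'];

    if ($variant === 'initialised') {
        // Discard whatever the request may have placed in $_language.
        unset($_language);
    }

    // 1. Language from a request var, accepted only if it is a known key.
    $requested = $request['language'] ?? null;
    if (is_string($requested) && isset($appLangFiles[$requested])) {
        $_language = $requested;
    }
    // (Session and browser-detection steps of the real code are omitted.)

    if (!isset($_language)) {
        return null;
    }
    if ($variant === 'allowlisted'
        && !(is_string($_language) && isset($appLangFiles[$_language]))) {
        // Defence in depth: refuse any value that is not a known language.
        return null;
    }
    return "./lang/recoded/{$_language}.php";
}

// Constructed sample requests (not taken from the bug report).
$cases = [
    'injected _language only'       => ['_language' => 'constructed-not-a-language'],
    'valid language plus injection' => ['language' => 'italian',
                                        '_language' => 'constructed-not-a-language'],
];

foreach ($cases as $label => $request) {
    foreach ([true, false] as $registerGlobals) {
        foreach (['original', 'initialised', 'allowlisted'] as $variant) {
            $path = resolveLanguageInclude($request, $registerGlobals, $variant);
            printf(
                "%-30s register_globals=%-3s %-12s -> %s\n",
                $label,
                $registerGlobals ? 'on' : 'off',
                $variant,
                $path ?? '(no include)'
            );
        }
    }
}
```

With register_globals emulated on, only the `original` variant returns a path built from the constructed `_language` value; the other two return no include for it, and every variant returns the `italian` path when a valid `language` parameter is present.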

Message #40 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Thijs Kinkhorst <thijs@debian.org>
Cc: 508026@bugs.debian.org, team@security.debian.org, Raphael Geissert <atomo64@gmail.com>, control@bugs.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: register_globals on is not supported
Date: Tue, 23 Dec 2008 11:49:31 +0100
[Message part 1 (text/plain, inline)]
tags 508026 fixed-upstream
thanks

Hi,

Thijs Kinkhorst wrote:
> As it seems, upstream does already support running in register_globals=0 mode 
> for a long time (according to their changelog since 2002...). Therefore I 
> guess this bug would be fixed if the statement turning register_globals on 
> was removed from the Apache configuration file. Of course this does need some 
> thorough testing.
> 
> When doing that, including the fix from this bug report as well is a good idea
> since it can't hurt and will provide some extra protection for those running 
> unsafe setups.

Upstream released a new version to fix this issue. In attachment the debdiff for
stable/testing/unstable with the trivial backported patch[1], and
register_globals off (not in stable).

I also tested phppgadmin with register_globals off, and I didn't find any
evident problems.

I'm not a DD, so these need a review and an upload.


[1]http://github.com/xzilla/phppgadmin/commit/a4531f0f3345f92c721aaeae0226fea0b634aed4

Giuseppe.
[phppgadmin_4.0.1-3.2.debdiff (text/plain, inline)]
diff -u phppgadmin-4.0.1/debian/changelog phppgadmin-4.0.1/debian/changelog
--- phppgadmin-4.0.1/debian/changelog
+++ phppgadmin-4.0.1/debian/changelog
@@ -1,3 +1,11 @@
+phppgadmin (4.0.1-3.2) stable-security; urgency=high
+
+  * Non-maintainer upload.
+  * Fix local file inclusion vulnerability: (CVE-2008-5587)
+    Unset language variable before determine file includes (Closes: #508026)
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 23 Dec 2008 11:20:56 +0100
+
 phppgadmin (4.0.1-3.1) unstable; urgency=low
 
   * Non-maintainer upload to fix pending l10n issues.
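Review bot: the version `4.0.1-3.2` on a `stable-security` upload is the same number the next regular NMU on top of `4.0.1-3.1` in unstable would take, so the two could collide. Use a release-specific suffix on the existing version for the stable upload instead of bumping the NMU counter.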
only in patch4:
unchanged:
--- phppgadmin-4.0.1.orig/libraries/lib.inc.php
+++ phppgadmin-4.0.1/libraries/lib.inc.php
@@ -94,6 +94,8 @@
 	}
 
 	// Determine language file to import:
+	unset($_language);
+
 	// 1. Check for the language from a request var
 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
 		$_language = $_REQUEST['language'];
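Review bot: `unset($_language);` is inserted between the comment `// Determine language file to import:` and the numbered step `// 1.` that the comment introduces, which splits the comment from its list and leaves the unset itself unexplained. Move the `unset` above the comment and give it its own line saying why the variable may already be set when this code is reached.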
[phppgadmin_4.2.1-1.1.debdiff (text/plain, inline)]
diff -u phppgadmin-4.2.1/debian/changelog phppgadmin-4.2.1/debian/changelog
--- phppgadmin-4.2.1/debian/changelog
+++ phppgadmin-4.2.1/debian/changelog
@@ -1,3 +1,12 @@
+phppgadmin (4.2.1-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * debian/patches/CVE-2008-5587.patch: Unset language variable before
+    determine file includes (CVE-2008-5587) (Closes: #508026)
+  * debian/apache.conf: Removing register_globals on directive
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 23 Dec 2008 10:35:24 +0100
+
 phppgadmin (4.2.1-1) unstable; urgency=low
 
   * New upstream release
diff -u phppgadmin-4.2.1/debian/apache.conf phppgadmin-4.2.1/debian/apache.conf
--- phppgadmin-4.2.1/debian/apache.conf
+++ phppgadmin-4.2.1/debian/apache.conf
@@ -15,7 +15,6 @@
 <IfModule mod_php5.c>
   php_flag magic_quotes_gpc Off
   php_flag track_vars On
-  php_flag register_globals On
   php_value include_path .
 </IfModule>
 
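Review bot: deleting `php_flag register_globals On` only stops this file from forcing the setting on; the directive then falls back to whatever the server-wide PHP configuration says. If the intent is that phpPgAdmin never runs with it enabled, set it explicitly with `php_flag register_globals Off` inside the same `<IfModule mod_php5.c>` block instead of only removing the line.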
diff -u phppgadmin-4.2.1/debian/patches/series phppgadmin-4.2.1/debian/patches/series
--- phppgadmin-4.2.1/debian/patches/series
+++ phppgadmin-4.2.1/debian/patches/series
@@ -2,0 +3 @@
+CVE-2008-5587.patch
only in patch4:
unchanged:
--- phppgadmin-4.2.1.orig/debian/patches/CVE-2008-5587.patch
+++ phppgadmin-4.2.1/debian/patches/CVE-2008-5587.patch
@@ -0,0 +1,12 @@
+Unset language variable before determine file includes
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -95,6 +95,8 @@
+ 	}
+ 
+ 	// Determine language file to import:
++	unset($_language);
++
+ 	// 1. Check for the language from a request var
+ 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
+ 		$_language = $_REQUEST['language'];
[phppgadmin_4.2-1.1.debdiff (text/plain, inline)]
diff -u phppgadmin-4.2/debian/apache.conf phppgadmin-4.2/debian/apache.conf
--- phppgadmin-4.2/debian/apache.conf
+++ phppgadmin-4.2/debian/apache.conf
@@ -15,7 +15,6 @@
 <IfModule mod_php5.c>
   php_flag magic_quotes_gpc Off
   php_flag track_vars On
-  php_flag register_globals On
   php_value include_path .
 </IfModule>
 
diff -u phppgadmin-4.2/debian/changelog phppgadmin-4.2/debian/changelog
--- phppgadmin-4.2/debian/changelog
+++ phppgadmin-4.2/debian/changelog
@@ -1,3 +1,12 @@
+phppgadmin (4.2-1.1) testing-security; urgency=high
+
+  * Non-maintainer upload.
+  * debian/patches/CVE-2008-5587.patch: Unset language variable before
+    determine file includes (CVE-2008-5587) (Closes: #508026)
+  * debian/apache.conf: Removing register_globals on directive
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 23 Dec 2008 10:04:17 +0100
+
 phppgadmin (4.2-1) unstable; urgency=low
 
   * New upstream release
diff -u phppgadmin-4.2/debian/patches/series phppgadmin-4.2/debian/patches/series
--- phppgadmin-4.2/debian/patches/series
+++ phppgadmin-4.2/debian/patches/series
@@ -2,0 +3 @@
+CVE-2008-5587.patch
only in patch4:
unchanged:
--- phppgadmin-4.2.orig/debian/patches/CVE-2008-5587.patch
+++ phppgadmin-4.2/debian/patches/CVE-2008-5587.patch
@@ -0,0 +1,12 @@
+Unset language variable before determine file includes
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -95,6 +95,8 @@
+ 	}
+ 
+ 	// Determine language file to import:
++	unset($_language);
++
+ 	// 1. Check for the language from a request var
+ 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
+ 		$_language = $_REQUEST['language'];

Tags added: fixed-upstream Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Tue, 23 Dec 2008 10:51:07 GMT)


Message #47 received at 508026@bugs.debian.org:

From: Nico Golde <debian-secure-testing+ml@ngolde.de>
To: Giuseppe Iuculano <giuseppe@iuculano.it>
Cc: Thijs Kinkhorst <thijs@debian.org>, 508026@bugs.debian.org, team@security.debian.org, Raphael Geissert <atomo64@gmail.com>, secure-testing-team@lists.alioth.debian.org
Subject: Re: register_globals on is not supported
Date: Tue, 23 Dec 2008 15:05:31 +0100
[Message part 1 (text/plain, inline)]
Hi,
* Giuseppe Iuculano <giuseppe@iuculano.it> [2008-12-23 14:50]:
> Thijs Kinkhorst wrote:
> > As it seems, upstream does already support running in register_globals=0 mode 
> > for a long time (according to their changelog since 2002...). Therefore I 
> > guess this bug would be fixed if the statement turning register_globals on 
> > was removed from the Apache configuration file. Of course this does need some 
> > thorough testing.
> > 
> > When doing that, including the fix from this bug report as well is a good idea
> > since it can't hurt and will provide some extra protection for those running 
> > unsafe setups.
> 
> Upstream released a new version to fix this issue. In attachment the debdiff for
> stable/testing/unstable with the trivial backported patch[1], and
> register_globals off (not in stable).
> 
> I also tested phppgadmin with register_globals off, and I didn't find any
> evident problems.
> 
> I'm not a DD, so these need a review and an upload.

I take care of sponsoring the upload for unstable. For 
stable security the version looks wrong to me, please use 
4.0.1-3.1etch4.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Message #52 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Giuseppe Iuculano <giuseppe@iuculano.it>, Thijs Kinkhorst <thijs@debian.org>, 508026@bugs.debian.org, team@security.debian.org, Raphael Geissert <atomo64@gmail.com>, secure-testing-team@lists.alioth.debian.org
Subject: Re: register_globals on is not supported
Date: Tue, 23 Dec 2008 15:43:39 +0100
[Message part 1 (text/plain, inline)]
Hi,

Nico Golde wrote:
> I take care of sponsoring the upload for unstable. For 
> stable security the version looks wrong to me, please use 
> 4.0.1-3.1etch4.

Right, attached the new debdiff.

Giuseppe.
[phppgadmin_4.0.1-3.1etch4.debdiff (text/plain, inline)]
diff -u phppgadmin-4.0.1/debian/changelog phppgadmin-4.0.1/debian/changelog
--- phppgadmin-4.0.1/debian/changelog
+++ phppgadmin-4.0.1/debian/changelog
@@ -1,3 +1,11 @@
+phppgadmin (4.0.1-3.1etch4) stable-security; urgency=high
+
+  * Non-maintainer upload.
+  * Fix local file inclusion vulnerability: (CVE-2008-5587)
+    Unset language variable before determine file includes (Closes: #508026)
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 23 Dec 2008 11:20:56 +0100
+
 phppgadmin (4.0.1-3.1) unstable; urgency=low
 
   * Non-maintainer upload to fix pending l10n issues.
only in patch4:
unchanged:
--- phppgadmin-4.0.1.orig/libraries/lib.inc.php
+++ phppgadmin-4.0.1/libraries/lib.inc.php
@@ -94,6 +94,8 @@
 	}
 
 	// Determine language file to import:
+	unset($_language);
+
 	// 1. Check for the language from a request var
 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
 		$_language = $_REQUEST['language'];
[phppgadmin_4.2-1lenny1.debdiff (text/plain, inline)]
diff -u phppgadmin-4.2/debian/apache.conf phppgadmin-4.2/debian/apache.conf
--- phppgadmin-4.2/debian/apache.conf
+++ phppgadmin-4.2/debian/apache.conf
@@ -15,7 +15,6 @@
 <IfModule mod_php5.c>
   php_flag magic_quotes_gpc Off
   php_flag track_vars On
-  php_flag register_globals On
   php_value include_path .
 </IfModule>
 
diff -u phppgadmin-4.2/debian/changelog phppgadmin-4.2/debian/changelog
--- phppgadmin-4.2/debian/changelog
+++ phppgadmin-4.2/debian/changelog
@@ -1,3 +1,12 @@
+phppgadmin (4.2-1lenny1) testing-security; urgency=high
+
+  * Non-maintainer upload.
+  * debian/patches/CVE-2008-5587.patch: Unset language variable before
+    determine file includes (CVE-2008-5587) (Closes: #508026)
+  * debian/apache.conf: Removing register_globals on directive
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 23 Dec 2008 10:04:17 +0100
+
 phppgadmin (4.2-1) unstable; urgency=low
 
   * New upstream release
diff -u phppgadmin-4.2/debian/patches/series phppgadmin-4.2/debian/patches/series
--- phppgadmin-4.2/debian/patches/series
+++ phppgadmin-4.2/debian/patches/series
@@ -2,0 +3 @@
+CVE-2008-5587.patch
only in patch4:
unchanged:
--- phppgadmin-4.2.orig/debian/patches/CVE-2008-5587.patch
+++ phppgadmin-4.2/debian/patches/CVE-2008-5587.patch
@@ -0,0 +1,12 @@
+Unset language variable before determine file includes
+--- a/libraries/lib.inc.php
++++ b/libraries/lib.inc.php
+@@ -95,6 +95,8 @@
+ 	}
+ 
+ 	// Determine language file to import:
++	unset($_language);
++
+ 	// 1. Check for the language from a request var
+ 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
+ 		$_language = $_REQUEST['language'];

Reply sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
You have taken responsibility. (Tue, 23 Dec 2008 15:38:50 GMT)


Notification sent to Raphael Geissert <atomo64@gmail.com>:
Bug acknowledged by developer. (Tue, 23 Dec 2008 15:38:54 GMT)


Message #57 received at 508026-close@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 508026-close@bugs.debian.org
Subject: Bug#508026: fixed in phppgadmin 4.2.1-1.1
Date: Tue, 23 Dec 2008 15:18:03 +0000
Source: phppgadmin
Source-Version: 4.2.1-1.1

We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive:

phppgadmin_4.2.1-1.1.diff.gz
  to pool/main/p/phppgadmin/phppgadmin_4.2.1-1.1.diff.gz
phppgadmin_4.2.1-1.1.dsc
  to pool/main/p/phppgadmin/phppgadmin_4.2.1-1.1.dsc
phppgadmin_4.2.1-1.1_all.deb
  to pool/main/p/phppgadmin/phppgadmin_4.2.1-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 508026@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuseppe@iuculano.it> (supplier of updated phppgadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 23 Dec 2008 10:35:24 +0100
Source: phppgadmin
Binary: phppgadmin
Architecture: source all
Version: 4.2.1-1.1
Distribution: unstable
Urgency: low
Maintainer: Isaac Clerencia <isaac@debian.org>
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description: 
 phppgadmin - web-based administration tool for PostgreSQL
Closes: 508026
Changes: 
 phppgadmin (4.2.1-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * debian/patches/CVE-2008-5587.patch: Unset language variable before
     determine file includes (CVE-2008-5587) (Closes: #508026)
   * debian/apache.conf: Removing register_globals on directive





Message #62 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Thijs Kinkhorst <thijs@debian.org>, 508026@bugs.debian.org, team@security.debian.org, Raphael Geissert <atomo64@gmail.com>, secure-testing-team@lists.alioth.debian.org
Subject: Re: register_globals on is not supported
Date: Tue, 23 Dec 2008 18:49:34 +0100
[Message part 1 (text/plain, inline)]
Hi,

Giuseppe Iuculano wrote:
> Hi,
>
> Nico Golde wrote:
>> I take care of sponsoring the upload for unstable. For 
>> stable security the version looks wrong to me, please use 
>> 4.0.1-3.1etch4.
> 
> Right, attached the new debdiff.
> 
> Giuseppe.
> 

Attached a new proposed debdiff to fix also #427151, #449103 (CVE-2007-2865,
CVE-2007-5728) in stable.


Giuseppe.
[phppgadmin_4.0.1-3.1etch4.debdiff (text/plain, inline)]
diff -u phppgadmin-4.0.1/debian/changelog phppgadmin-4.0.1/debian/changelog
--- phppgadmin-4.0.1/debian/changelog
+++ phppgadmin-4.0.1/debian/changelog
@@ -1,3 +1,15 @@
+phppgadmin (4.0.1-3.1etch4) stable-security; urgency=high
+
+  * Non-maintainer upload.
+  * debian/patches/01_CVE-2008-5587.dpatch: Unset language variable before
+    determine file includes (Closes: #508026), and fix local file inclusion
+    vulnerability (CVE-2008-5587)
+  * debian/patches/02_CVE-2007-2865_CVE-2007-5728.dpatch: Backported upstream
+    patch to fix XSS vulnerability (Closes: #427151) (Closes: #449103)
+    (CVE-2007-2865, CVE-2007-5728)
+
+ -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 23 Dec 2008 18:19:59 +0100
+
 phppgadmin (4.0.1-3.1) unstable; urgency=low
 
   * Non-maintainer upload to fix pending l10n issues.
only in patch4:
unchanged:
--- phppgadmin-4.0.1.orig/debian/patches/02_CVE-2007-2865_CVE-2007-5728.dpatch
+++ phppgadmin-4.0.1/debian/patches/02_CVE-2007-2865_CVE-2007-5728.dpatch
@@ -0,0 +1,394 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02_CVE-2007-2865_CVE-2007-5728.dpatch by Giuseppe Iuculano <giuseppe@iuculano.it>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: backport XSS vulnerability fixes (CVE-2007-2865,CVE-2007-5728)
+
+@DPATCH@
+diff -urNad phppgadmin-4.0.1~/all_db.php phppgadmin-4.0.1/all_db.php
+--- phppgadmin-4.0.1~/all_db.php	2005-10-18 05:45:15.000000000 +0200
++++ phppgadmin-4.0.1/all_db.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Display a form for alter and perform actual alter
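Review bot: with the local `$PHP_SELF = $_SERVER['PHP_SELF'];` removed near the top of `all_db.php`, nothing visible in this hunk defines `$PHP_SELF` for the rest of the file. Confirm that the dpatch also adds a single definition in a shared include that runs before this file uses the variable, and mention that in the `## DP:` description, which currently only says the fixes are backported.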
+diff -urNad phppgadmin-4.0.1~/casts.php phppgadmin-4.0.1/casts.php
+--- phppgadmin-4.0.1~/casts.php	2005-10-18 05:45:15.000000000 +0200
++++ phppgadmin-4.0.1/casts.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show default list of casts in the database
+diff -urNad phppgadmin-4.0.1~/constraints.php phppgadmin-4.0.1/constraints.php
+--- phppgadmin-4.0.1~/constraints.php	2005-10-18 05:45:15.000000000 +0200
++++ phppgadmin-4.0.1/constraints.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	include_once('./classes/class.select.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Confirm and then actually add a FOREIGN KEY constraint
+diff -urNad phppgadmin-4.0.1~/conversions.php phppgadmin-4.0.1/conversions.php
+--- phppgadmin-4.0.1~/conversions.php	2005-10-18 05:45:15.000000000 +0200
++++ phppgadmin-4.0.1/conversions.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show default list of conversions in the database
+diff -urNad phppgadmin-4.0.1~/database.php phppgadmin-4.0.1/database.php
+--- phppgadmin-4.0.1~/database.php	2005-11-09 10:05:58.000000000 +0100
++++ phppgadmin-4.0.1/database.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	function _highlight($string, $term) {
+ 		return str_replace($term, "<b>{$term}</b>", $string);
+diff -urNad phppgadmin-4.0.1~/dataexport.php phppgadmin-4.0.1/dataexport.php
+--- phppgadmin-4.0.1~/dataexport.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/dataexport.php	2008-12-23 18:13:26.000000000 +0100
+@@ -307,7 +307,7 @@
+ 		$misc->printTitle($lang['strexport']);
+ 		if (isset($msg)) $misc->printMsg($msg);
+ 
+-		echo "<form action=\"{$_SERVER['PHP_SELF']}\" method=\"post\">\n";
++	 	echo "<form action=\"{$PHP_SELF}\" method=\"post\">\n";
+ 		echo "<table>\n";
+ 		echo "<tr><th class=\"data\">{$lang['strformat']}:</th><td><select name=\"d_format\">\n";
+ 		// COPY and SQL require a table
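
Review bot: The replacement echo at line 307 of dataexport.php now prints $PHP_SELF, but nothing in this file's diff shows where that variable comes into scope; the other scripts had their own "$PHP_SELF = $_SERVER['PHP_SELF'];" removed, and this one never had it. If this block runs inside a function, or before libraries/lib.inc.php has reached its last statement, the form action is empty or, with register_globals on, taken from the request instead of the escaped value. Please confirm that lib.inc.php is fully loaded before this point and add "global $PHP_SELF;" if the code is in function scope. The added line is also indented tab-space-tab where its neighbours use two tabs.
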
+diff -urNad phppgadmin-4.0.1~/display.php phppgadmin-4.0.1/display.php
+--- phppgadmin-4.0.1~/display.php	2005-11-20 04:07:26.000000000 +0100
++++ phppgadmin-4.0.1/display.php	2008-12-23 18:13:36.000000000 +0100
+@@ -21,7 +21,6 @@
+ 	global $conf, $lang;
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show confirmation of edit and perform actual update
+diff -urNad phppgadmin-4.0.1~/domains.php phppgadmin-4.0.1/domains.php
+--- phppgadmin-4.0.1~/domains.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/domains.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 	
+ 	/** 
+ 	 * Function to save after altering a domain
+diff -urNad phppgadmin-4.0.1~/functions.php phppgadmin-4.0.1/functions.php
+--- phppgadmin-4.0.1~/functions.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/functions.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 	
+ 	/** 
+ 	 * Function to save after editing a function
+diff -urNad phppgadmin-4.0.1~/groups.php phppgadmin-4.0.1/groups.php
+--- phppgadmin-4.0.1~/groups.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/groups.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Add user to a group
+diff -urNad phppgadmin-4.0.1~/indexes.php phppgadmin-4.0.1/indexes.php
+--- phppgadmin-4.0.1~/indexes.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/indexes.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	include_once('./classes/class.select.php');
+ 		
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show confirmation of cluster index and perform actual cluster
+diff -urNad phppgadmin-4.0.1~/info.php phppgadmin-4.0.1/info.php
+--- phppgadmin-4.0.1~/info.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/info.php	2008-12-23 18:13:36.000000000 +0100
+@@ -10,7 +10,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * List all the information on the table
+diff -urNad phppgadmin-4.0.1~/intro.php phppgadmin-4.0.1/intro.php
+--- phppgadmin-4.0.1~/intro.php	2005-05-02 17:47:24.000000000 +0200
++++ phppgadmin-4.0.1/intro.php	2008-12-23 18:13:26.000000000 +0100
+@@ -19,7 +19,7 @@
+ 
+ <h4><?php echo "$appName $appVersion (PHP ". phpversion() .')' ?></h4>
+ 
+-<form method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
++<form method="get" action="<?php echo $PHP_SELF; ?>">
+  <label>
+   <select name="language" onchange="this.form.submit()">
+ <?php
+diff -urNad phppgadmin-4.0.1~/languages.php phppgadmin-4.0.1/languages.php
+--- phppgadmin-4.0.1~/languages.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/languages.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show default list of languages in the database
+diff -urNad phppgadmin-4.0.1~/libraries/lib.inc.php phppgadmin-4.0.1/libraries/lib.inc.php
+--- phppgadmin-4.0.1~/libraries/lib.inc.php	2008-12-23 18:13:04.000000000 +0100
++++ phppgadmin-4.0.1/libraries/lib.inc.php	2008-12-23 18:13:36.000000000 +0100
+@@ -221,4 +221,7 @@
+ 		}
+ 	}
+ 
++	// Prevent XSS attacks
++	$PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, $lang['appcharset']);
++
+ ?>
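
Review bot: The escaped $PHP_SELF is assigned as the very last statement of lib.inc.php, so any path that outputs HTML or exits before the end of this file never sees it and gets an unset value, or a request-supplied one when register_globals is on. Moving the assignment up to just after $lang is loaded would close that window. Two smaller points: $lang['appcharset'] goes straight into htmlspecialchars(), which raises a warning and falls back to its default when it does not recognise the charset name, so the values in the language files should be checked against the supported list; and the result is HTML-escaped, which is right for attribute and text output but not for header() redirects or URLs assembled in script.
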
+diff -urNad phppgadmin-4.0.1~/login.php phppgadmin-4.0.1/login.php
+--- phppgadmin-4.0.1~/login.php	2005-11-19 10:14:34.000000000 +0100
++++ phppgadmin-4.0.1/login.php	2008-12-23 18:13:26.000000000 +0100
+@@ -10,6 +10,8 @@
+ 	// This needs to be an include once to prevent lib.inc.php infinite recursive includes.
+ 	// Check to see if the configuration file exists, if not, explain
+ 	require_once('./libraries/lib.inc.php');
++
++	global $PHP_SELF;
+ 	
+ 	$misc->printHeader($lang['strlogin']);
+ 	$misc->printBody();
+@@ -22,7 +24,7 @@
+ 	if (isset($msg)) $misc->printMsg($msg);
+ ?>
+ 
+-<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post" name="login_form">
++<form action="<?php echo $PHP_SELF ?>" method="post" name="login_form">
+ <?php
+ 	if (!empty($_POST)) $vars =& $_POST;
+ 	else $vars =& $_GET;
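
Review bot: In the first login.php hunk, "global $PHP_SELF;" directly after the require_once only has an effect when login.php is itself included from inside a function; at file scope it is a no-op, so a one-line comment naming the caller that needs it would help. The context comment about recursive includes of lib.inc.php suggests login.php can be pulled in while lib.inc.php is still running, and this same dpatch sets the escaped $PHP_SELF only at the end of that file. Please verify that the assignment has already run when the login form is printed; otherwise the action attribute receives an empty or unescaped value.
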
+diff -urNad phppgadmin-4.0.1~/operators.php phppgadmin-4.0.1/operators.php
+--- phppgadmin-4.0.1~/operators.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/operators.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show read only properties for an operator
+diff -urNad phppgadmin-4.0.1~/plugin_slony.php phppgadmin-4.0.1/plugin_slony.php
+--- phppgadmin-4.0.1~/plugin_slony.php	2005-11-09 10:05:58.000000000 +0100
++++ phppgadmin-4.0.1/plugin_slony.php	2008-12-23 18:13:36.000000000 +0100
+@@ -20,7 +20,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 	
+ 	// Include 'slony_cluster' in $misc->href if present
+ 	if (isset($_REQUEST['slony_cluster'])) {
+diff -urNad phppgadmin-4.0.1~/privileges.php phppgadmin-4.0.1/privileges.php
+--- phppgadmin-4.0.1~/privileges.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/privileges.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Grant permissions on an object to a user
+diff -urNad phppgadmin-4.0.1~/reports.php phppgadmin-4.0.1/reports.php
+--- phppgadmin-4.0.1~/reports.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/reports.php	2008-12-23 18:13:36.000000000 +0100
+@@ -10,7 +10,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Displays a screen where they can edit a report
+diff -urNad phppgadmin-4.0.1~/rules.php phppgadmin-4.0.1/rules.php
+--- phppgadmin-4.0.1~/rules.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/rules.php	2008-12-23 18:13:36.000000000 +0100
+@@ -10,7 +10,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Confirm and then actually create a rule
+diff -urNad phppgadmin-4.0.1~/schemas.php phppgadmin-4.0.1/schemas.php
+--- phppgadmin-4.0.1~/schemas.php	2005-10-18 06:00:19.000000000 +0200
++++ phppgadmin-4.0.1/schemas.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show default list of schemas in the database
+diff -urNad phppgadmin-4.0.1~/sequences.php phppgadmin-4.0.1/sequences.php
+--- phppgadmin-4.0.1~/sequences.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/sequences.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Display list of all sequences in the database/schema
+diff -urNad phppgadmin-4.0.1~/servers.php phppgadmin-4.0.1/servers.php
+--- phppgadmin-4.0.1~/servers.php	2005-10-18 06:00:19.000000000 +0200
++++ phppgadmin-4.0.1/servers.php	2008-12-23 18:13:36.000000000 +0100
+@@ -12,7 +12,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 	
+ 	function doLogout() {
+ 		global $misc, $lang, $_reload_browser;
+diff -urNad phppgadmin-4.0.1~/sql.php phppgadmin-4.0.1/sql.php
+--- phppgadmin-4.0.1~/sql.php	2005-06-16 16:40:11.000000000 +0200
++++ phppgadmin-4.0.1/sql.php	2008-12-23 18:13:36.000000000 +0100
+@@ -87,8 +87,6 @@
+ 		exit;
+ 	}
+ 	
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+-
+ 	$misc->printHeader($lang['strqueryresults']);
+ 	$misc->printBody();
+ 	$misc->printTrail('database');
+diff -urNad phppgadmin-4.0.1~/sqledit.php phppgadmin-4.0.1/sqledit.php
+--- phppgadmin-4.0.1~/sqledit.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/sqledit.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Private function to display server and list of databases
+diff -urNad phppgadmin-4.0.1~/tables.php phppgadmin-4.0.1/tables.php
+--- phppgadmin-4.0.1~/tables.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/tables.php	2008-12-23 18:13:36.000000000 +0100
+@@ -10,7 +10,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Displays a screen where they can enter a new table
+diff -urNad phppgadmin-4.0.1~/tablespaces.php phppgadmin-4.0.1/tablespaces.php
+--- phppgadmin-4.0.1~/tablespaces.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/tablespaces.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Function to allow altering of a tablespace
+diff -urNad phppgadmin-4.0.1~/tblproperties.php phppgadmin-4.0.1/tblproperties.php
+--- phppgadmin-4.0.1~/tblproperties.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/tblproperties.php	2008-12-23 18:13:36.000000000 +0100
+@@ -10,7 +10,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/** 
+ 	 * Function to save after altering a table
+diff -urNad phppgadmin-4.0.1~/triggers.php phppgadmin-4.0.1/triggers.php
+--- phppgadmin-4.0.1~/triggers.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/triggers.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	include_once('./classes/class.select.php');
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/** 
+ 	 * Function to save after altering a trigger
+diff -urNad phppgadmin-4.0.1~/types.php phppgadmin-4.0.1/types.php
+--- phppgadmin-4.0.1~/types.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/types.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Show read only properties for a type
+diff -urNad phppgadmin-4.0.1~/users.php phppgadmin-4.0.1/users.php
+--- phppgadmin-4.0.1~/users.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/users.php	2008-12-23 18:13:36.000000000 +0100
+@@ -11,7 +11,6 @@
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 		
+ 	/**
+ 	 * If a user is not a superuser, then we have an 'account management' page
+diff -urNad phppgadmin-4.0.1~/viewproperties.php phppgadmin-4.0.1/viewproperties.php
+--- phppgadmin-4.0.1~/viewproperties.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/viewproperties.php	2008-12-23 18:13:36.000000000 +0100
+@@ -10,7 +10,6 @@
+ 	include_once('./libraries/lib.inc.php');
+ 
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/** 
+ 	 * Function to save after editing a view
+diff -urNad phppgadmin-4.0.1~/views.php phppgadmin-4.0.1/views.php
+--- phppgadmin-4.0.1~/views.php	2005-10-18 05:45:16.000000000 +0200
++++ phppgadmin-4.0.1/views.php	2008-12-23 18:13:36.000000000 +0100
+@@ -12,7 +12,6 @@
+ 	
+ 	$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : '';
+ 	if (!isset($msg)) $msg = '';
+-	$PHP_SELF = $_SERVER['PHP_SELF'];
+ 
+ 	/**
+ 	 * Ask for select parameters and perform select
only in patch4:
unchanged:
--- phppgadmin-4.0.1.orig/debian/patches/00list
+++ phppgadmin-4.0.1/debian/patches/00list
@@ -0,0 +1,2 @@
+01_CVE-2008-5587.dpatch
+02_CVE-2007-2865_CVE-2007-5728.dpatch
only in patch4:
unchanged:
--- phppgadmin-4.0.1.orig/debian/patches/01_CVE-2008-5587.dpatch
+++ phppgadmin-4.0.1/debian/patches/01_CVE-2008-5587.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 01_CVE-2008-5587.dpatch by Giuseppe Iuculano <giuseppe@iuculano.it>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Unset language variable before determine file includes (CVE-2008-5587)
+
+@DPATCH@
+diff -urNad phppgadmin-4.0.1~/libraries/lib.inc.php phppgadmin-4.0.1/libraries/lib.inc.php
+--- phppgadmin-4.0.1~/libraries/lib.inc.php	2005-11-23 05:31:10.000000000 +0100
++++ phppgadmin-4.0.1/libraries/lib.inc.php	2008-12-23 18:10:04.000000000 +0100
+@@ -94,6 +94,8 @@
+ 	}
+ 
+ 	// Determine language file to import:
++	unset($_language);
++
+ 	// 1. Check for the language from a request var
+ 	if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
+ 		$_language = $_REQUEST['language'];
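
Review bot: unset($_language) clears the one variable that could arrive pre-set from the request, but the statement that finally includes the language file is outside this hunk and still trusts whatever the selection steps leave in $_language. The request branch visible here checks isset($appLangFiles[$_REQUEST['language']]); repeating that check on the final $_language immediately before the include would keep the include safe even if a later selection step changes. It is also worth confirming that $appLangFiles is assigned unconditionally before line 94, since with register_globals on an array that is only conditionally set has the same problem.
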

Reply sent to Peter Eisentraut <petere@debian.org>:
You have taken responsibility. (Wed, 31 Dec 2008 18:12:05 GMT)


Notification sent to Raphael Geissert <atomo64@gmail.com>:
Bug acknowledged by developer. (Wed, 31 Dec 2008 18:12:05 GMT)


Message #67 received at 508026-close@bugs.debian.org:

From: Peter Eisentraut <petere@debian.org>
To: 508026-close@bugs.debian.org
Subject: Bug#508026: fixed in phppgadmin 4.2.2-1
Date: Wed, 31 Dec 2008 17:47:07 +0000
Source: phppgadmin
Source-Version: 4.2.2-1

We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive:

phppgadmin_4.2.2-1.diff.gz
  to pool/main/p/phppgadmin/phppgadmin_4.2.2-1.diff.gz
phppgadmin_4.2.2-1.dsc
  to pool/main/p/phppgadmin/phppgadmin_4.2.2-1.dsc
phppgadmin_4.2.2-1_all.deb
  to pool/main/p/phppgadmin/phppgadmin_4.2.2-1_all.deb
phppgadmin_4.2.2.orig.tar.gz
  to pool/main/p/phppgadmin/phppgadmin_4.2.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 508026@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <petere@debian.org> (supplier of updated phppgadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 31 Dec 2008 19:32:22 +0200
Source: phppgadmin
Binary: phppgadmin
Architecture: source all
Version: 4.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Isaac Clerencia <isaac@debian.org>
Changed-By: Peter Eisentraut <petere@debian.org>
Description: 
 phppgadmin - web-based administration tool for PostgreSQL
Closes: 508026 508026
Changes: 
 phppgadmin (4.2.2-1) unstable; urgency=low
 .
   * New upstream release
     - Fixes local file inclusion vulnerability (CVE-2008-5587) (closes: #508026)
   * Removed register_globals from debian/apache.conf (closes: #508026)

Reply sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
You have taken responsibility. (Sat, 03 Jan 2009 20:12:20 GMT)


Notification sent to Raphael Geissert <atomo64@gmail.com>:
Bug acknowledged by developer. (Sat, 03 Jan 2009 20:12:20 GMT)


Message #72 received at 508026-close@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 508026-close@bugs.debian.org
Subject: Bug#508026: fixed in phppgadmin 4.0.1-3.1etch4
Date: Sat, 03 Jan 2009 19:52:31 +0000
Source: phppgadmin
Source-Version: 4.0.1-3.1etch4

We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive:

phppgadmin_4.0.1-3.1etch4.diff.gz
  to pool/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch4.diff.gz
phppgadmin_4.0.1-3.1etch4.dsc
  to pool/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch4.dsc
phppgadmin_4.0.1-3.1etch4_all.deb
  to pool/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 508026@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuseppe@iuculano.it> (supplier of updated phppgadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Tue, 23 Dec 2008 18:19:59 +0100
Source: phppgadmin
Binary: phppgadmin
Architecture: source all
Version: 4.0.1-3.1etch4
Distribution: stable-security
Urgency: high
Maintainer: Isaac Clerencia <isaac@debian.org>
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description: 
 phppgadmin - Set of PHP scripts to administrate PostgreSQL over the WWW
Closes: 427151 449103 508026
Changes: 
 phppgadmin (4.0.1-3.1etch4) stable-security; urgency=high
 .
   * Non-maintainer upload.
   * debian/patches/01_CVE-2008-5587.dpatch: Unset language variable before
     determine file includes (Closes: #508026), and fix local file inclusion
     vulnerability (CVE-2008-5587)
   * debian/patches/02_CVE-2007-2865_CVE-2007-5728.dpatch: Backported upstream
     patch to fix XSS vulnerability (Closes: #427151) (Closes: #449103)
     (CVE-2007-2865, CVE-2007-5728)

Information forwarded to debian-bugs-dist@lists.debian.org, Isaac Clerencia <isaac@debian.org>:
Bug#508026; Package phppgadmin. (Sun, 04 Jan 2009 17:48:06 GMT)


Acknowledgement sent to Neil McGovern <neilm@debian.org>:
Extra info received and forwarded to list. Copy sent to Isaac Clerencia <isaac@debian.org>. (Sun, 04 Jan 2009 17:48:06 GMT)


Message #77 received at 508026@bugs.debian.org:

From: Neil McGovern <neilm@debian.org>
To: 508026@bugs.debian.org
Subject: TPU upload
Date: Sun, 4 Jan 2009 17:41:45 +0000
Hi,

Can this patch be backported against the version in testing, and a TPU
upload done?

Thanks,
Neil
-- 
<Tolimar> I'll run a script, posting some of my wisdoms from time to time to 
	the channel ;)

Information forwarded to debian-bugs-dist@lists.debian.org, Isaac Clerencia <isaac@debian.org>:
Bug#508026; Package phppgadmin. (Wed, 07 Jan 2009 16:33:12 GMT)


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Isaac Clerencia <isaac@debian.org>. (Wed, 07 Jan 2009 16:33:12 GMT)


Message #82 received at 508026@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Neil McGovern <neilm@debian.org>, 508026@bugs.debian.org
Subject: Re: Bug#508026: TPU upload
Date: Wed, 07 Jan 2009 17:32:45 +0100
Hi,

Neil McGovern wrote:
> Can this patch be backported against the version in testing, and a TPU
> upload done?

phppgadmin/4.2.2-1 was unblocked by luk.

Cheers,
Giuseppe.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 10 Feb 2009 07:28:18 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:05:15 2019; Machine Name: buxtehude
