From b25b711e4a62095817e415c4961ea5530c28876e Mon Sep 17 00:00:00 2001
From: Sven Neumann
Date: Tue, 13 Sep 2011 10:42:07 +0200
Subject: samba: bump to 3.5.11
Bump to version 3.5.11 and also update the download location.
Signed-off-by: Sven Neumann
Signed-off-by: Peter Korsgaard
---
package/samba/samba-00CVE-2011-2694.patch | 55 -------------------------------
1 file changed, 55 deletions(-)
delete mode 100644 package/samba/samba-00CVE-2011-2694.patch
(limited to 'package/samba/samba-00CVE-2011-2694.patch')
diff --git a/package/samba/samba-00CVE-2011-2694.patch b/package/samba/samba-00CVE-2011-2694.patch
deleted file mode 100644
index 167accfad..000000000
--- a/package/samba/samba-00CVE-2011-2694.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001
-From: Kai Blin
-Date: Thu, 7 Jul 2011 10:03:33 +0200
-Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289)
-
-Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
-against SWAT, the Samba Web Administration Tool. The attack uses reflection to
-insert arbitrary content into the "change password" page.
-
-This patch fixes the reflection issue by not printing user-specified content on
-the website anymore.
-
-Signed-off-by: Kai Blin
-
-CVE-2011-2694.
----
- source/web/swat.c | 14 ++------------
- 1 files changed, 2 insertions(+), 12 deletions(-)
-
-diff --git a/source/web/swat.c b/source/web/swat.c
-index 9c7294a..434b1ac 100644
---- a/source/web/swat.c
-+++ b/source/web/swat.c
-@@ -1120,11 +1120,9 @@ static void chg_passwd(void)
- if(cgi_variable(CHG_S_PASSWD_FLAG)) {
- printf("

");
- if (rslt == True) {
-- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-- printf("\n");
-+ printf("%s\n", _(" The passwd has been changed."));
- } else {
-- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-- printf("\n");
-+ printf("%s\n", _(" The passwd has NOT been changed."));
- }
- }
-
-@@ -1138,14 +1136,6 @@ static void passwd_page(void)
- {
- const char *new_name = cgi_user_name();
-
-- /*
-- * After the first time through here be nice. If the user
-- * changed the User box text to another users name, remember it.
-- */
-- if (cgi_variable(SWAT_USER)) {
-- new_name = cgi_variable_nonull(SWAT_USER);
-- }
--
- if (!new_name) new_name = "";
-
- printf("

%s

\n", _("Server Password Management"));
---
-1.7.1
-
-- cgit v1.2.3