Bug 223648 - squirrelmail ships with .orig files
squirrelmail ships with .orig files
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: squirrelmail (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Warren Togami
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-21 02:26 EST by Daniel Hokka Zakrisson
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: squirrelmail-1.4.8-5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-29 12:23:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to get rid of the files (614 bytes, patch)
2007-01-21 02:26 EST, Daniel Hokka Zakrisson
no flags Details | Diff

  None (edit)
Description Daniel Hokka Zakrisson 2007-01-21 02:26:15 EST
Description of problem:
squirrelmail ships with several .orig files resulting from offsets when applying
the patches:
$ rpm -qlp squirrelmail-1.4.8-3.fc6.noarch.rpm | grep .orig
/usr/share/squirrelmail/functions/i18n.php.orig
/usr/share/squirrelmail/functions/mime.php.orig
/usr/share/squirrelmail/src/compose.php.orig
/usr/share/squirrelmail/src/right_main.php.orig
/usr/share/squirrelmail/src/view_text.php.orig

This doesn't cause any problems, it just looks bad. The attached patch got rid
of them here.

Version-Release number of selected component (if applicable):
1.4.8-3.fc6
Comment 1 Daniel Hokka Zakrisson 2007-01-21 02:26:15 EST
Created attachment 146078 [details]
Patch to get rid of the files
Comment 2 Daniel Hokka Zakrisson 2007-01-21 02:32:21 EST
> This doesn't cause any problems, it just looks bad.

Just as I hit commit, I realized that these files can be used to exploit the
vulnerabilities the patches are meant to address.
Comment 3 Warren Togami 2007-01-22 00:01:58 EST
Are you sure they can be?
Comment 4 Daniel Hokka Zakrisson 2007-01-22 00:59:37 EST
I haven't tried exploiting it, but the files are accessible and do create the
expected output. Try accessing e.g. /webmail/src/right_main.php.orig.

Note You need to log in before you can comment on or make changes to this bug.