
sympa-6.2.16-1.1.mga6.src.rpm

diff -Naur -x '*.orig' sympa-6.2.16/src/cgi/wwsympa.fcgi.in sympa-6.2.16-CVE-2018-1000550/src/cgi/wwsympa.fcgi.in
--- sympa-6.2.16/src/cgi/wwsympa.fcgi.in	2016-06-10 17:59:55.000000000 +0200
+++ sympa-6.2.16-CVE-2018-1000550/src/cgi/wwsympa.fcgi.in	2019-02-20 22:34:08.732042717 +0100
@@ -194,7 +194,6 @@
     'firstpasswd'      => 'do_firstpasswd',
     'requestpasswd'    => 'do_requestpasswd',
     'choosepasswd'     => 'do_choosepasswd',
-    'viewfile'         => 'do_viewfile',
     'set'              => 'do_set',
     'admin'            => 'do_admin',
     'add_request'      => 'do_add_request',
@@ -642,6 +641,7 @@
     'edit_list'         => ['owner'],
     'edit_list_request' => ['owner'],
     'edit_template'     => ['listmaster'],
+    'editfile'             => ['owner', 'listmaster'],
     'editsubscriber'       => ['owner', 'editor'],
     'get_closed_lists'     => ['listmaster'],
     'get_inactive_lists'   => ['listmaster'],
@@ -669,6 +669,7 @@
     'restore_list'             => ['listmaster'],
     'review_family'            => ['listmaster'],
     'reviewbouncing'           => ['owner', 'editor'],
+    'savefile'                 => ['owner', 'listmaster'],
     'search_user'              => ['listmaster'],
     'serveradmin'              => ['listmaster'],
     'set_dumpvars'             => ['listmaster'],
@@ -6582,9 +6583,10 @@
         'message.header', 'remind.tt2',
         'invite.tt2',     'reject.tt2'
         ) {
-        next
-            unless (
-            $list->may_edit($f, $param->{'user'}{'email'}) eq 'write');
+        my $fa = ($f eq 'info') ? 'info.file' : $f;
+        my ($role, $right) =
+            $list->may_edit($fa, $param->{'user'}{'email'});
+        next unless $right eq 'write';
         if ($Sympa::Tools::WWW::filenames{$f}{'gettext_id'}) {
             $param->{'files'}{$f}{'complete'} =
                 $language->gettext(
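Review bot: The new `next unless $right eq 'write';` compares `$right` as a string without first checking it is defined, so if `may_edit` returns an empty list or undef for an unknown file or user this emits an uninitialized-value warning under `use warnings` on every iteration; `next unless defined $right and $right eq 'write';` keeps the same outcome without the noise, assuming such a return is possible, which I cannot confirm from the hunk. The same pattern recurs in the `@@ -9205` hunk and in the `unless ($right eq 'write')` test of the `@@ -9380` hunk. The `'info'` → `'info.file'` alias is now spelled out independently in this hunk, in the `@@ -9205` hunk via `$filename_for_auth`, and again in the `@@ -9380` hunk, so a small helper such as `sub _auth_name { my ($f) = @_; return $f eq 'info' ? 'info.file' : $f }` would keep the authorization name mapping in one place. `$role` is not used in this hunk; `my (undef, $right) = ...` would make that explicit. The enclosing loop and function continue outside the hunk.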
@@ -9205,12 +9207,9 @@
             my $filename_for_auth = $f;
             $filename_for_auth = 'info.file'
                 if ($filename_for_auth eq 'info');
-            next
-                unless (
-                $list->may_edit(
-                    $filename_for_auth, $param->{'user'}{'email'}
-                ) eq 'write'
-                );
+            my ($role, $right) = $list->may_edit(
+                    $filename_for_auth, $param->{'user'}{'email'});
+            next unless $right eq 'write';
             if ($Sympa::Tools::WWW::filenames{$f}{'gettext_id'}) {
                 $param->{'files'}{$f}{'complete'} =
                     $language->gettext(
@@ -9380,10 +9379,21 @@
 
     $param->{'subtitle'} = sprintf $param->{'subtitle'}, $in{'file'};
 
+    unless ($in{'file'} and $Sympa::Tools::WWW::filenames{$in{'file'}}) {
+        Sympa::Report::reject_report_web('user', 'file_not_editable',
+            {'file' => $in{'file'}},
+            $param->{'action'});
+        wwslog('info', 'File %s not editable', $in{'file'});
+        return undef;
+    }
+
     if ($param->{'list'}) {
-        unless ($list->is_admin('owner', $param->{'user'}{'email'})
-            or Sympa::is_listmaster($list, $param->{'user'}->{'email'})) {
-            Sympa::Report::reject_report_web('auth', 'action_owner', {},
+        my $fa = ($in{'file'} eq 'info') ? 'info.file' : $in{'file'};
+        my ($role, $right) =
+            $list->may_edit($fa, $param->{'user'}{'email'});
+        unless ($right eq 'write') {
+            Sympa::Report::reject_report_web('auth', 'edit_right',
+                {'role' => $role, 'right' => $right},
                 $param->{'action'}, $list);
             wwslog('err', 'Not allowed');
             web_db_log(
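Review bot: The new allowlist check `unless ($in{'file'} and $Sympa::Tools::WWW::filenames{$in{'file'}})` runs after `$param->{'subtitle'} = sprintf $param->{'subtitle'}, $in{'file'};`, so a request with no `file` parameter is still interpolated into the subtitle (with an uninitialized-value warning) before it is rejected; moving the whole `unless` block above the `sprintf` line rejects the request before any of its input is used. The `wwslog('info', 'File %s not editable', $in{'file'})` inside the reject branch has the same undefined-value case but is only a log line. Inside the `$param->{'list'}` branch the decision now comes from `may_edit` on the aliased file name, which is the right place for it; the branch taken when `$param->{'list'}` is false never reaches that check, which is worth confirming on the lines that follow. The function continues past the end of the hunk.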