main/cacti: security fix (CVE-2015-8604). Fixes #5205

(cherry picked from commit 81eb7e3b062d62dff1b82864cdd42732b50f4a9c)

2 files changed, 36 insertions, 4 deletions

diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 22c0a01bc3..b82a94b3e7 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
 pkgver=0.8.8f
-pkgrel=1
+pkgrel=2
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
@@ -10,6 +10,7 @@ depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-g
 makedepends=""
 source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
 	CVE-2015-8369.patch
+	CVE-2015-8604.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -33,8 +34,11 @@ package() {
 
 }
 md5sums="8d90642b362f80c46c489c5531e2ba90  cacti-0.8.8f.tar.gz
-aad7eea5843fe6518bd5ac2c83f4681b  CVE-2015-8369.patch"
+aad7eea5843fe6518bd5ac2c83f4681b  CVE-2015-8369.patch
+d2d7a561ddad59bcf4e1092c048d26c0  CVE-2015-8604.patch"
 sha256sums="2ea92407c11bf13302558a5bc9e1f3a57bd14a1d9ded48c505ec495762f76738  cacti-0.8.8f.tar.gz
-8f6ffaa2fd7ceb929ccae471ff7e2b462d37ac62c9ce8cffde635205d0eb03d8  CVE-2015-8369.patch"
+8f6ffaa2fd7ceb929ccae471ff7e2b462d37ac62c9ce8cffde635205d0eb03d8  CVE-2015-8369.patch
+766a50cb6d14a0d03811e6332d4d46b6f6717574de370d2d6ab50c2c9b164e73  CVE-2015-8604.patch"
 sha512sums="b712a9f8b7bee632cb4982fed72793ac2f4d70aa042784bbd2fd3923a27901f457393aa95bbd63960187e85fe462c35e88fa3cd93e8537a3a68f94bdbf5d7f2b  cacti-0.8.8f.tar.gz
-1a7de23cf9937905463a2634840fa8878d650e1562565b99ae4f1e7a0200f9942ab2d9f59c7824cbadce9c2e9ee40e5639f8ac8ceba1a4d0349585583d301019  CVE-2015-8369.patch"
+1a7de23cf9937905463a2634840fa8878d650e1562565b99ae4f1e7a0200f9942ab2d9f59c7824cbadce9c2e9ee40e5639f8ac8ceba1a4d0349585583d301019  CVE-2015-8369.patch
+9677039934b0ce4c42f31437591b2b1d37303e3009c5d773700ffab7e92d20183156f9ec2659bb38876f44095cc2886c0afc9cc03bd950832be2e96dc02620b1  CVE-2015-8604.patch"
diff --git a/main/cacti/CVE-2015-8604.patch b/main/cacti/CVE-2015-8604.patch
new file mode 100644
index 0000000000..21c6b366a9
--- /dev/null
+++ b/main/cacti/CVE-2015-8604.patch
@@ -0,0 +1,28 @@
+Description: SQL injection vulnerability in the host_new_graphs function in
+ graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users
+ to execute arbitrary SQL commands via crafted serialized data in the
+ selected_graphs_array parameter in a save action.
+Author: Paul Gevers <elbrus@debian.org>
+Bug: http://bugs.cacti.net/view.php?id=2652
+Index: cacti/graphs_new.php
+===================================================================
+--- cacti.orig/graphs_new.php
++++ cacti/graphs_new.php
+@@ -252,6 +252,9 @@ function host_new_graphs($host_id, $host
+ 
+ 	while (list($form_type, $form_array) = each($selected_graphs_array)) {
+ 		while (list($form_id1, $form_array2) = each($form_array)) {
++            /* ================= input validation ================= */
++            input_validate_input_number($form_id1);
++            /* ==================================================== */
+ 			if ($form_type == "cg") {
+ 				$graph_template_id = $form_id1;
+ 
+@@ -260,6 +263,7 @@ function host_new_graphs($host_id, $host
+ 				while (list($form_id2, $form_array3) = each($form_array2)) {
+ 					/* ================= input validation ================= */
+ 					input_validate_input_number($snmp_query_id);
++					input_validate_input_number($form_id2);
+ 					/* ==================================================== */
+ 
+ 					$snmp_query_id = $form_id1;