author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-31 11:56:10 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-05-31 11:56:10 +0000 |
commit | c605352df241a84d9261d0a9a71420626b11eac6 (patch) | |
tree | 1d1fe3c9cf77a5ca24dc95cc1f5db154eb585b2a | |
parent | 57717bd40005bcde9547439ed69fdf006eacc625 (diff) | |
main/cacti: security upgrade to 0.8.8g (CVE-2016-3659). Fixes #5375
-rw-r--r-- | main/cacti/APKBUILD | 25 | ||||
-rw-r--r-- | main/cacti/CVE-2015-8369.patch | 204 | ||||
-rw-r--r-- | main/cacti/CVE-2015-8377.patch | 28 | ||||
-rw-r--r-- | main/cacti/CVE-2015-8604.patch | 28 |
4 files changed, 6 insertions, 279 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 21f05c96e1..2b7635cd70 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,18 +1,14 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
-pkgver=0.8.8f
-pkgrel=3
+pkgver=0.8.8g
+pkgrel=0
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
 license="GPL2+"
 depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-gd"
 makedepends=""
-source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
- CVE-2015-8369.patch
- CVE-2015-8377.patch
- CVE-2015-8604.patch
- "
+source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz"
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
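Review bot: The target version chosen in this hunk may not actually cover the CVE the commit message cites: as far as I recall, the public description of CVE-2016-3659 lists Cacti 0.8.8g itself as affected, with the upstream fix only shipping in 0.8.8h, so please check the upstream advisory before closing #5375 on this bump — if 0.8.8g is affected the line should read `pkgver=0.8.8h` (with refreshed checksums). Dropping `CVE-2015-8369.patch`, `CVE-2015-8377.patch` and `CVE-2015-8604.patch` from `source=` is only safe if the new tarball carries those fixes; the deleted patch headers reference upstream bugs 2652 and 2655, so confirm the 0.8.8g changelog closes them and state that in the commit message, which currently names only CVE-2016-3659. The tarball is still fetched over plain `http://`, so the sha512sums pin in the following hunk is the sole integrity control for it; if upstream serves the download over https, switching the URL is cheap hardening.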
@@ -34,15 +30,6 @@ package() {
 mv "$srcdir"/$pkgname-$pkgver/* "$pkgdir"/usr/share/webapps/cacti/ || return 1
 }
-md5sums="8d90642b362f80c46c489c5531e2ba90 cacti-0.8.8f.tar.gz
-aad7eea5843fe6518bd5ac2c83f4681b CVE-2015-8369.patch
-8a7086b787c5cfcf95b28a093cf41e26 CVE-2015-8377.patch
-d2d7a561ddad59bcf4e1092c048d26c0 CVE-2015-8604.patch"
-sha256sums="2ea92407c11bf13302558a5bc9e1f3a57bd14a1d9ded48c505ec495762f76738 cacti-0.8.8f.tar.gz
-8f6ffaa2fd7ceb929ccae471ff7e2b462d37ac62c9ce8cffde635205d0eb03d8 CVE-2015-8369.patch
-ddce016291decd98a8478f32c94e1f70e55d566c4a222d65437cadbbcd012b3f CVE-2015-8377.patch
-766a50cb6d14a0d03811e6332d4d46b6f6717574de370d2d6ab50c2c9b164e73 CVE-2015-8604.patch"
-sha512sums="b712a9f8b7bee632cb4982fed72793ac2f4d70aa042784bbd2fd3923a27901f457393aa95bbd63960187e85fe462c35e88fa3cd93e8537a3a68f94bdbf5d7f2b cacti-0.8.8f.tar.gz
-1a7de23cf9937905463a2634840fa8878d650e1562565b99ae4f1e7a0200f9942ab2d9f59c7824cbadce9c2e9ee40e5639f8ac8ceba1a4d0349585583d301019 CVE-2015-8369.patch
-92f9a02fac66c035aaf5947ae7109661ddb0baf9108bc8a6829515b420b2d30f416010068b871401cb0f63bc63031d8440b63e7a1d125ee0b3454cb21f3d6496 CVE-2015-8377.patch
-9677039934b0ce4c42f31437591b2b1d37303e3009c5d773700ffab7e92d20183156f9ec2659bb38876f44095cc2886c0afc9cc03bd950832be2e96dc02620b1 CVE-2015-8604.patch"
+md5sums="75f660d54152182e1dbbf0db73143098 cacti-0.8.8g.tar.gz"
+sha256sums="3187bd5054ae4e54496bb23187f14c79a441fedcfd397a2d27cd60179f0dee33 cacti-0.8.8g.tar.gz"
+sha512sums="cbac69de47a32de8b87d0fc2f32e90eb70f7f13828fd17764957b5afbbcc7a8954ccc49f30f414d5fdf09142967a9ddcb4cde66d03569407ae05fc36612b731c cacti-0.8.8g.tar.gz"
diff --git a/main/cacti/CVE-2015-8369.patch b/main/cacti/CVE-2015-8369.patch
deleted file mode 100644
index 74b7f7001e..0000000000
--- a/main/cacti/CVE-2015-8369.patch
+++ /dev/null
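Review bot: The new `md5sums`/`sha256sums`/`sha512sums` lines should be cross-checked against the checksums or signature upstream publishes for cacti-0.8.8g.tar.gz, not only regenerated with `abuild checksum`: the archive is fetched over plain `http://` (the `source=` line in the first hunk), so hashing whatever arrived pins a tampered tarball exactly as readily as a genuine one. Recording that this was done, either in the commit message or with a comment above the sums such as `# sha512 verified against upstream-published checksum`, makes the pin auditable later. The `md5sums` line adds no integrity beyond sha512 and is presumably kept only because the build tooling of the day expected it — worth confirming before dropping it.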
@@ -1,204 +0,0 @@ ---- a/include/top_graph_header.php 2015/11/17 01:39:54 7758 -+++ b/include/top_graph_header.php 2015/11/28 20:08:16 7767 -@@ -146,12 +146,12 @@ - $graph_data_array["print_source"] = true; - - /* override: graph start time (unix time) */ -- if (!empty($_GET["graph_start"])) { -+ if (!empty($_REQUEST["graph_start"])) { - $graph_data_array["graph_start"] = get_request_var_request("graph_start"); - } - - /* override: graph end time (unix time) */ -- if (!empty($_GET["graph_end"])) { -+ if (!empty($_REQUEST["graph_end"])) { - $graph_data_array["graph_end"] = get_request_var_request("graph_end"); - } - ---- a/graph.php 2015/08/10 01:16:44 7755 -+++ b/graph.php 2015/11/28 20:08:16 7767 -@@ -32,43 +32,43 @@ - - api_plugin_hook_function('graph'); - --include_once("./lib/html_tree.php"); --include_once("./include/top_graph_header.php"); -- - /* ================= input validation ================= */ --input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$"); --input_validate_input_number(get_request_var("local_graph_id")); --input_validate_input_number(get_request_var("graph_end")); --input_validate_input_number(get_request_var("graph_start")); -+input_validate_input_regex(get_request_var_request("rra_id"), "^([0-9]+|all)$"); -+input_validate_input_number(get_request_var_request("local_graph_id")); -+input_validate_input_number(get_request_var_request("graph_end")); -+input_validate_input_number(get_request_var_request("graph_start")); - input_validate_input_regex(get_request_var_request("view_type"), "^([a-zA-Z0-9]+)$"); - /* ==================================================== */ - --if (!isset($_GET['rra_id'])) { -- $_GET['rra_id'] = 'all'; -+include_once("./lib/html_tree.php"); -+include_once("./include/top_graph_header.php"); -+ -+if (!isset($_REQUEST['rra_id'])) { -+ $_REQUEST['rra_id'] = 'all'; - } - --if ($_GET["rra_id"] == "all") { -+if ($_REQUEST["rra_id"] == "all") { - $sql_where = " where id is not null"; - }else{ -- $sql_where = 
" where id=" . $_GET["rra_id"]; -+ $sql_where = " where id=" . $_REQUEST["rra_id"]; - } - - /* make sure the graph requested exists (sanity) */ --if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_GET["local_graph_id"]))) { -+if (!(db_fetch_cell("select local_graph_id from graph_templates_graph where local_graph_id=" . $_REQUEST["local_graph_id"]))) { - print "<strong><font size='+1' color='FF0000'>GRAPH DOES NOT EXIST</font></strong>"; exit; - } - - /* take graph permissions into account here, if the user does not have permission - give an "access denied" message */ - if (read_config_option("auth_method") != 0) { -- $access_denied = !(is_graph_allowed($_GET["local_graph_id"])); -+ $access_denied = !(is_graph_allowed($_REQUEST["local_graph_id"])); - - if ($access_denied == true) { - print "<strong><font size='+1' color='FF0000'>ACCESS DENIED</font></strong>"; exit; - } - } - --$graph_title = get_graph_title($_GET["local_graph_id"]); -+$graph_title = get_graph_title($_REQUEST["local_graph_id"]); - - if ($_REQUEST["view_type"] == "tree") { - print "<table width='100%' style='background-color: #ffffff; border: 1px solid #ffffff;' align='center' cellspacing='0' cellpadding='3'>"; -@@ -76,15 +76,15 @@ - print "<table width='100%' style='background-color: #f5f5f5; border: 1px solid #bbbbbb;' align='center' cellspacing='0' cellpadding='3'>"; - } - --$rras = get_associated_rras($_GET["local_graph_id"]); -+$rras = get_associated_rras($_REQUEST["local_graph_id"]); - - switch ($_REQUEST["action"]) { - case 'view': - api_plugin_hook_function('page_buttons', -- array('lgid' => $_GET["local_graph_id"], -+ array('lgid' => $_REQUEST["local_graph_id"], - 'leafid' => '',//$leaf_id, - 'mode' => 'mrtg', -- 'rraid' => $_GET["rra_id"]) -+ 'rraid' => $_REQUEST["rra_id"]) - ); - ?> - <tr class='tableHeader'> -@@ -105,13 +105,13 @@ - <table width='1' cellpadding='0'> - <tr> - <td> -- <img class='graphimage' id='graph_<?php print 
$_GET["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> -+ <img class='graphimage' id='graph_<?php print $_REQUEST["local_graph_id"] ?>' src='<?php print htmlspecialchars("graph_image.php?action=view&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"]);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> - </td> - <td valign='top' style='padding: 3px;' class='noprint'> -- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -- <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?> -+ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . 
$rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -+ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $rra["id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -+ <?php api_plugin_hook('graph_buttons', array('hook' => 'view', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $rra['id'], 'view_type' => $_REQUEST['view_type'])); ?> - <a href='#page_top'><img src='<?php print $config['url_path']; ?>images/graph_page_top.gif' border='0' alt='Page Top' title='Page Top' style='padding: 3px;'></a><br> - </td> - </tr> -@@ -143,7 +143,7 @@ - } - - /* fetch information for the current RRA */ -- $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_GET["rra_id"]); -+ $rra = db_fetch_row("select id,timespan,steps,name from rra where id=" . $_REQUEST["rra_id"]); - - /* define the time span, which decides which rra to use */ - $timespan = -($rra["timespan"]); -@@ -154,24 +154,24 @@ - FROM (data_template_data,data_template_rrd,graph_templates_item) - WHERE graph_templates_item.task_item_id=data_template_rrd.id - AND data_template_rrd.local_data_id=data_template_data.local_data_id -- AND graph_templates_item.local_graph_id=" . $_GET["local_graph_id"] . 
-+ AND graph_templates_item.local_graph_id=" . $_REQUEST["local_graph_id"] . - " LIMIT 0,1"); - $ds_step = empty($ds_step) ? 300 : $ds_step; - $seconds_between_graph_updates = ($ds_step * $rra["steps"]); - - $now = time(); - -- if (isset($_GET["graph_end"]) && ($_GET["graph_end"] <= $now - $seconds_between_graph_updates)) { -- $graph_end = $_GET["graph_end"]; -+ if (isset($_REQUEST["graph_end"]) && ($_REQUEST["graph_end"] <= $now - $seconds_between_graph_updates)) { -+ $graph_end = $_REQUEST["graph_end"]; - }else{ - $graph_end = $now - $seconds_between_graph_updates; - } - -- if (isset($_GET["graph_start"])) { -- if (($graph_end - $_GET["graph_start"])>$max_timespan) { -+ if (isset($_REQUEST["graph_start"])) { -+ if (($graph_end - $_REQUEST["graph_start"])>$max_timespan) { - $graph_start = $now - $max_timespan; - }else { -- $graph_start = $_GET["graph_start"]; -+ $graph_start = $_REQUEST["graph_start"]; - } - }else{ - $graph_start = $now + $timespan; -@@ -186,7 +186,7 @@ - graph_templates_graph.height, - graph_templates_graph.width - from graph_templates_graph -- where graph_templates_graph.local_graph_id=" . $_GET["local_graph_id"]); -+ where graph_templates_graph.local_graph_id=" . $_REQUEST["local_graph_id"]); - - $graph_height = $graph["height"]; - $graph_width = $graph["width"]; -@@ -214,12 +214,12 @@ - <table width='1' cellpadding='0'> - <tr> - <td> -- <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> -+ <img id='zoomGraphImage' class="graphimage" src='<?php print htmlspecialchars("graph_image.php?action=zoom&local_graph_id=" . 
$_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end . "&graph_height=" . $graph_height . "&graph_width=" . $graph_width . "&title_font_size=" . $title_font_size);?>' border='0' alt='<?php print htmlspecialchars($graph_title, ENT_QUOTES);?>'> - </td> - <td valign='top' style='padding: 3px;' class='noprint'> -- <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -- <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> -+ <a href='<?php print htmlspecialchars("graph.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . $graph_start . "&graph_end=" . $graph_end);?>'><img src='images/graph_properties.gif' border='0' alt='Graph Source/Properties' title='Graph Source/Properties' style='padding: 3px;'></a> -+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . 
$_REQUEST["view_type"]);?>&graph_start=<?php print $graph_start;?>&graph_end=<?php print $graph_end;?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -+ <?php api_plugin_hook('graph_buttons', array('hook' => 'zoom', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> - </td> - </tr> - <tr> -@@ -249,17 +249,17 @@ - <table width='1' cellpadding='0'> - <tr> - <td> -- <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&graph_start=" . (isset($_GET["graph_start"]) ? $_GET["graph_start"] : "0") . "&graph_end=" . (isset($_GET["graph_end"]) ? $_GET["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'> -+ <img src='<?php print htmlspecialchars("graph_image.php?action=properties&local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&graph_start=" . (isset($_REQUEST["graph_start"]) ? $_REQUEST["graph_start"] : "0") . "&graph_end=" . (isset($_REQUEST["graph_end"]) ? $_REQUEST["graph_end"] : "0"));?>' border='0' alt='<?php print htmlspecialchars($graph_title);?>'> - </td> - <td valign='top' style='padding: 3px;'> -- <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_GET["local_graph_id"]. "&rra_id=" . $_GET["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -- <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_GET["local_graph_id"] . "&rra_id=" . $_GET["rra_id"] . "&view_type=" . 
$_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -- <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_GET['local_graph_id'], 'rra' => $_GET['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> -+ <a href='<?php print htmlspecialchars("graph.php?action=zoom&local_graph_id=" . $_REQUEST["local_graph_id"]. "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"] . "&graph_start=" . get_request_var("graph_start") . "&graph_end=" . get_request_var("graph_end"));?>'><img src='images/graph_zoom.gif' border='0' alt='Zoom Graph' title='Zoom Graph' style='padding: 3px;'></a><br> -+ <a href='<?php print htmlspecialchars("graph_xport.php?local_graph_id=" . $_REQUEST["local_graph_id"] . "&rra_id=" . $_REQUEST["rra_id"] . "&view_type=" . $_REQUEST["view_type"]);?>'><img src='images/graph_query.png' border='0' alt='CSV Export' title='CSV Export' style='padding: 3px;'></a><br> -+ <?php api_plugin_hook('graph_buttons', array('hook' => 'properties', 'local_graph_id' => $_REQUEST['local_graph_id'], 'rra' => $_REQUEST['rra_id'], 'view_type' => $_REQUEST['view_type'])); ?> - </td> - </tr> - <tr> - <td colspan='2' align='center'> -- <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_GET["rra_id"]));?></strong> -+ <strong><?php print htmlspecialchars(db_fetch_cell("select name from rra where id=" . $_REQUEST["rra_id"]));?></strong> - </td> - </tr> - </table> diff --git a/main/cacti/CVE-2015-8377.patch b/main/cacti/CVE-2015-8377.patch deleted file mode 100644 index 51f52e17e3..0000000000 --- a/main/cacti/CVE-2015-8377.patch +++ /dev/null 
@@ -1,28 +0,0 @@
-Description: SQL injection vulnerability in the host_new_graphs_save function
- in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users
- to execute arbitrary SQL commands via crafted serialized data in the
- selected_graphs_array parameter in a save action.
-Author: Chris Lamb <lamby@debian.org> and Paul Gevers <elbrus@debian.org>
-Bug: http://bugs.cacti.net/view.php?id=2655
-Index: cacti/graphs_new.php
-===================================================================
---- cacti.orig/graphs_new.php
-+++ cacti/graphs_new.php
-@@ -183,11 +183,17 @@ function host_new_graphs_save() {
- 
- while (list($form_id1, $form_array2) = each($form_array)) {
- /* enumerate information from the arrays stored in post variables */
-+ /* ================= input validation ================= */
-+ input_validate_input_number($form_id1);
-+ /* ==================================================== */
- if ($form_type == "cg") {
- $graph_template_id = $form_id1;
- }elseif ($form_type == "sg") {
- while (list($form_id2, $form_array3) = each($form_array2)) {
- $snmp_index_array = $form_array3;
-+ /* ================= input validation ================= */
-+ input_validate_input_number($form_id2);
-+ /* ==================================================== */
- 
- $snmp_query_array["snmp_query_id"] = $form_id1;
- $snmp_query_array["snmp_index_on"] = get_best_data_query_index_type($_POST["host_id"], $form_id1);
diff --git a/main/cacti/CVE-2015-8604.patch b/main/cacti/CVE-2015-8604.patch
deleted file mode 100644
index 21c6b366a9..0000000000
--- a/main/cacti/CVE-2015-8604.patch
+++ /dev/null
@@ -1,28 +0,0 @@ -Description: SQL injection vulnerability in the host_new_graphs function in - graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users - to execute arbitrary SQL commands via crafted serialized data in the - selected_graphs_array parameter in a save action. -Author: Paul Gevers <elbrus@debian.org> -Bug: http://bugs.cacti.net/view.php?id=2652 -Index: cacti/graphs_new.php -=================================================================== ---- cacti.orig/graphs_new.php -+++ cacti/graphs_new.php -@@ -252,6 +252,9 @@ function host_new_graphs($host_id, $host - - while (list($form_type, $form_array) = each($selected_graphs_array)) { - while (list($form_id1, $form_array2) = each($form_array)) { -+ /* ================= input validation ================= */ -+ input_validate_input_number($form_id1); -+ /* ==================================================== */ - if ($form_type == "cg") { - $graph_template_id = $form_id1; - -@@ -260,6 +263,7 @@ function host_new_graphs($host_id, $host - while (list($form_id2, $form_array3) = each($form_array2)) { - /* ================= input validation ================= */ - input_validate_input_number($snmp_query_id); -+ input_validate_input_number($form_id2); - /* ==================================================== */ - - $snmp_query_id = $form_id1; |