author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-08-05 11:55:22 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-08-05 11:57:11 +0000 |
commit | 3e80eb628ac006b7ba54ee2152bafab4fa497ef9 (patch) | |
tree | 792307ddb49f20a292ec1e016dfc9475b3cd1ef0 | |
parent | a5127fa22ee9ea0631aababa5ed156c0dab2a321 (diff) | |
main/cacti: security fix (CVE-2016-3172). Fixes #5943
(cherry picked from commit a32d5ff12f834f60c89513108384ddd3526d086b)
-rw-r--r-- | main/cacti/APKBUILD | 16 | ||||
-rw-r--r-- | main/cacti/CVE-2016-3172.patch | 12 |
2 files changed, 24 insertions, 4 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 68f408224a..e6a035c33f 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
 pkgver=0.8.8g
-pkgrel=0
+pkgrel=1
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
@@ -9,8 +9,13 @@ license="GPL2+"
 depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-gd"
 makedepends=""
 source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
+ CVE-2016-3172.patch
 "
+# secfixes:
+# 0.8.8g-r1:
+# - CVE-2016-3172
+
 _builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 cd "$_builddir"
@@ -31,6 +36,9 @@ package() {
 mv "$srcdir"/$pkgname-$pkgver/* "$pkgdir"/usr/share/webapps/cacti/ || return 1
 }
-md5sums="75f660d54152182e1dbbf0db73143098 cacti-0.8.8g.tar.gz"
-sha256sums="3187bd5054ae4e54496bb23187f14c79a441fedcfd397a2d27cd60179f0dee33 cacti-0.8.8g.tar.gz"
-sha512sums="cbac69de47a32de8b87d0fc2f32e90eb70f7f13828fd17764957b5afbbcc7a8954ccc49f30f414d5fdf09142967a9ddcb4cde66d03569407ae05fc36612b731c cacti-0.8.8g.tar.gz"
+md5sums="75f660d54152182e1dbbf0db73143098 cacti-0.8.8g.tar.gz
+32b43a82a3f3b62ed4b3366708cd9667 CVE-2016-3172.patch"
+sha256sums="3187bd5054ae4e54496bb23187f14c79a441fedcfd397a2d27cd60179f0dee33 cacti-0.8.8g.tar.gz
+2c2e9f6de48e7291c1b9fb161e7f5c015949e4b96321c82b7f2637b1d1a1d97e CVE-2016-3172.patch"
+sha512sums="cbac69de47a32de8b87d0fc2f32e90eb70f7f13828fd17764957b5afbbcc7a8954ccc49f30f414d5fdf09142967a9ddcb4cde66d03569407ae05fc36612b731c cacti-0.8.8g.tar.gz
+7977075c83a13c80c31143135699286e1566b851d879bbbcbec0c76fd832f9c9ea319a0f345d46e8c27a5688097392e2cd0a1c09d836faaadbe4b4ef6bbe53e0 CVE-2016-3172.patch"
diff --git a/main/cacti/CVE-2016-3172.patch b/main/cacti/CVE-2016-3172.patch
new file mode 100644
index 0000000000..f36949bf0f
--- /dev/null
+++ b/main/cacti/CVE-2016-3172.patch
@@ -0,0 +1,12 @@
+diff --git a/tree.php b/tree.php
+index 82416e5..9eb84b0 100644
+--- a/tree.php
++++ b/tree.php
+@@ -152,6 +152,7 @@ function item_edit() {
+
+ /* ================= input validation ================= */
+ input_validate_input_number(get_request_var("id"));
++ input_validate_input_number(get_request_var("parent_id"));
+ input_validate_input_number(get_request_var("tree_id"));
+ /* ==================================================== */
+
|
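Review bot: The added `input_validate_input_number(get_request_var("parent_id"));` guards parent_id only at the top of item_edit(), and the statement that consumes the value lies outside the hunk, so it cannot be confirmed from here that no other handler in tree.php reads parent_id without the same check. The validation block is a hand-maintained list, which is presumably how parent_id was missed in the first place; a comment above it such as `/* every request variable used in a query below must be validated here */` would make the contract explicit for the next variable added. If the downstream query is built by string concatenation, casting or binding parent_id at the point of use would be a sturdier second layer than relying on this block alone. item_edit() begins before and continues after the hunk.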