author | Natanael Copa <ncopa@alpinelinux.org> | 2014-07-30 08:21:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-21 08:54:00 +0200 |
commit | f5e6eb3fda97e1fcd0dce906702d42b7c73c4403 (patch) | |
tree | 11d28a144663e61717a124ae819bc8aad5a57f1c | |
parent | 89757940c46ef38ced57c74435879bee526d6d94 (diff) | |
download | aports-f5e6eb3fda97e1fcd0dce906702d42b7c73c4403.tar.bz2 aports-f5e6eb3fda97e1fcd0dce906702d42b7c73c4403.tar.xz |
main/cacti: security fix for CVE-2014-5025,CVE-2014-5026
ref #3255
-rw-r--r-- | main/cacti/APKBUILD | 6 | ||||
-rw-r--r-- | main/cacti/CVE-2014-5025,5026.patch | 153 |
2 files changed, 158 insertions, 1 deletions
diff --git a/main/cacti/APKBUILD b/main/cacti/APKBUILD
index 6ecd8e04a6..5a97d4e5dd 100644
--- a/main/cacti/APKBUILD
+++ b/main/cacti/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Jeff Bilyk <jbilyk@gmail.com>
 pkgname=cacti
 pkgver=0.8.8b
-pkgrel=2
+pkgrel=3
 pkgdesc="Network monitoring tool based on RRDtool"
 url="http://www.cacti.net"
 arch="noarch"
@@ -10,6 +10,7 @@ depends="mysql php php-mysql php-snmp rrdtool net-snmp php-sockets php-xml php-g
 makedepends=""
 source="http://www.cacti.net/downloads/$pkgname-$pkgver.tar.gz
 security.patch
+ CVE-2014-5025,5026.patch
 bug-0002455.patch
 "
@@ -35,10 +36,13 @@ package() {
 }
 md5sums="acb40deae073ca22e5c01a8e3ba389fb cacti-0.8.8b.tar.gz
 bd18f265cca1f9713f88296f0be1ef56 security.patch
+04770edd7e55021e10ad7d50b0ffa2e9 CVE-2014-5025,5026.patch
 aa6d50a78b32e7f3e1a71f93c40c6697 bug-0002455.patch"
 sha256sums="ef0e2a813139e0b4c2e066f0fdae1f4ad086bef0aa23446055df6331cb1af98c cacti-0.8.8b.tar.gz
 73758bdf3f7846875f1620c35d1d982fa27366b053d8bd87363c618e7747c163 security.patch
+fbcb79c1500ca76d88a578aa8c0543ffe3789ab3ee0d79055d378e4d79b43637 CVE-2014-5025,5026.patch
 598fe1d4677e0ac080a6ada7ae97ff73b748a20e35eabce13f441010227294c0 bug-0002455.patch"
 sha512sums="98b216f3beb8e90dc554a16ca07cc8b3c9e247335786d8b5e76001d7293251a8a6e03bbe2464f7e9f8e0721359e7cd4a40615dd93ac7b1cc0bec507f01fa24c1 cacti-0.8.8b.tar.gz
 bed640fb64584b877348cf8163cebe39f6786a2fb8a7e735a81e9a0504b53005feec13e9911566690426f63d120b3744b755c0cbffcb67c44e9fe6dae3ccae80 security.patch
+1480f456e3720f344c00a6bba61e7c4200186d6b82b70357d42c7a7c9e67385edefd0633bec6f24d83c95bbecf5f7652e2d8228559d8c7cfc290d59892b4d364 CVE-2014-5025,5026.patch
 abde50dca8c80c1ea3cfc16a418abda23212c7badda469ec30345b822cf372c45b14cd397bffc77e8765b1fcc605ebd1ab21fffb53a8fbc37bad175219c84596 bug-0002455.patch"
diff --git a/main/cacti/CVE-2014-5025,5026.patch b/main/cacti/CVE-2014-5025,5026.patch
new file mode 100644
index 0000000000..3292e6cb0f
--- /dev/null
+++ b/main/cacti/CVE-2014-5025,5026.patch
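Review bot: The hunk at `@@ -10,6 +10,7 @@` adds `CVE-2014-5025,5026.patch` to `source=` and the three hunks together register its md5/sha256/sha512 checksums, but none of them touches the step that actually applies patches, which lives in a function (`prepare()` or `build()`) outside the visible hunks. If that function applies patches by explicit filename rather than iterating over `$source` with a `*.patch` case, the new file is fetched and verified but never applied and the package would still ship the vulnerable code, so this needs confirming against the rest of the APKBUILD. Worth noting in the commit or a comment next to `source=` how patches are picked up, e.g. `# all *.patch in $source are applied by prepare()`, so the next security backport does not have to rediscover it.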
@@ -0,0 +1,153 @@
+Description: Several names/titles were not sanities which allowes a
+ privileged user to inject XSS code.
+Bugs: http://bugs.cacti.net/view.php?id=2456
+Author: Paul Gevers <elbrus@debian.org>
+
+--- a/data_sources.php
++++ b/data_sources.php
+@@ -427,7 +427,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $ds_list .= "<li>" . get_data_source_title($matches[1]) . "<br>";
++ $ds_list .= "<li>" . htmlspecialchars(get_data_source_title($matches[1])) . "<br>";
+ $ds_array[$i] = $matches[1];
+
+ $i++;
+@@ -1359,7 +1359,7 @@
+ $poller_interval = ((isset($poller_intervals[$data_source["local_data_id"]])) ? $poller_intervals[$data_source["local_data_id"]] : 0);
+
+ form_alternate_row_color($colors["alternate"], $colors["light"], $i, 'line' . $data_source["local_data_id"]); $i++;
+- form_selectable_cell("<a class='linkEditMain' href='" . htmlspecialchars("data_sources.php?action=ds_edit&id=" . $data_source["local_data_id"]) . "' title='" . $data_source["name_cache"] . "'>" . ((get_request_var_request("filter") != "") ? preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) : title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) . "</a>", $data_source["local_data_id"]);
++ form_selectable_cell("<a class='linkEditMain' href='" . htmlspecialchars("data_sources.php?action=ds_edit&id=" . $data_source["local_data_id"]) . "' title='" . htmlspecialchars($data_source["name_cache"], ENT_QUOTES) . "'>" . ((get_request_var_request("filter") != "") ? preg_replace("/(" . preg_quote(get_request_var_request("filter"), "/") . ")/i", "<span style='background-color: #F8D93D;'>\\1</span>", title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) : title_trim(htmlspecialchars($data_source["name_cache"]), read_config_option("max_title_data_source"))) . "</a>", $data_source["local_data_id"]);
+ form_selectable_cell($data_source['local_data_id'], $data_source['local_data_id']);
+ form_selectable_cell($data_input_name, $data_source["local_data_id"]);
+ form_selectable_cell(get_poller_interval($poller_interval), $data_source["local_data_id"]);
+--- a/cdef.php
++++ b/cdef.php
+@@ -194,7 +194,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $cdef_list .= "<li>" . db_fetch_cell("select name from cdef where id=" . $matches[1]) . "<br>";
++ $cdef_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from cdef where id=" . $matches[1])) . "<br>";
+ $cdef_array[$i] = $matches[1];
+
+ $i++;
+--- a/tree.php
++++ b/tree.php
+@@ -354,7 +354,7 @@
+ }
+
+ include("./include/top_header.php");
+- form_confirm("Are You Sure?", $text, htmlspecialchars("tree.php?action=edit&id=" . $_GET["tree_id"]), htmlspecialchars("tree.php?action=item_remove&id=" . $_GET["id"] . "&tree_id=" . $_GET["tree_id"]));
++ form_confirm("Are You Sure?", htmlspecialchars($text, ENT_QUOTES), htmlspecialchars("tree.php?action=edit&id=" . $_GET["tree_id"]), htmlspecialchars("tree.php?action=item_remove&id=" . $_GET["id"] . "&tree_id=" . $_GET["tree_id"]));
+ include("./include/bottom_footer.php");
+ exit;
+ }
+@@ -383,7 +383,7 @@
+
+ if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
+ include("./include/top_header.php");
+- form_confirm("Are You Sure?", "Are you sure you want to delete the tree <strong>'" . db_fetch_cell("select name from graph_tree where id=" . $_GET["id"]) . "'</strong>?", htmlspecialchars("tree.php"), htmlspecialchars("tree.php?action=remove&id=" . $_GET["id"]));
++ form_confirm("Are You Sure?", "Are you sure you want to delete the tree <strong>'" . htmlspecialchars(db_fetch_cell("select name from graph_tree where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>?", htmlspecialchars("tree.php"), htmlspecialchars("tree.php?action=remove&id=" . $_GET["id"]));
+ include("./include/bottom_footer.php");
+ exit;
+ }
+--- a/data_input.php
++++ b/data_input.php
+@@ -185,7 +185,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $di_list .= "<li>" . db_fetch_cell("SELECT name FROM data_input WHERE id='" . $matches[1] . "'") . "</li>";
++ $di_list .= "<li>" . htmlspecialchars(db_fetch_cell("SELECT name FROM data_input WHERE id='" . $matches[1] . "'")) . "</li>";
+ $di_array[$i] = $matches[1];
+
+ $i++;
+@@ -246,7 +246,7 @@
+
+ if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
+ include("./include/top_header.php");
+- form_confirm("Are You Sure?", "Are you sure you want to delete the field <strong>'" . db_fetch_cell("select name from data_input_fields where id=" . $_GET["id"]) . "'</strong>?", htmlspecialchars("data_input.php?action=edit&id=" . $_GET["data_input_id"]), htmlspecialchars("data_input.php?action=field_remove&id=" . $_GET["id"] . "&data_input_id=" . $_GET["data_input_id"]));
++ form_confirm("Are You Sure?", "Are you sure you want to delete the field <strong>'" . htmlspecialchars(db_fetch_cell("select name from data_input_fields where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>?", htmlspecialchars("data_input.php?action=edit&id=" . $_GET["data_input_id"]), htmlspecialchars("data_input.php?action=field_remove&id=" . $_GET["id"] . "&data_input_id=" . $_GET["data_input_id"]));
+ include("./include/bottom_footer.php");
+ exit;
+ }
+--- a/graphs.php
++++ b/graphs.php
+@@ -387,7 +387,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $graph_list .= "<li>" . get_graph_title($matches[1]) . "</li>";
++ $graph_list .= "<li>" . htmlspecialchars(get_graph_title($matches[1])) . "</li>";
+ $graph_array[$i] = $matches[1];
+
+ $i++;
+--- a/host_templates.php
++++ b/host_templates.php
+@@ -156,7 +156,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $host_list .= "<li>" . db_fetch_cell("select name from host_template where id=" . $matches[1]) . "<br>";
++ $host_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from host_template where id=" . $matches[1])) . "<br>";
+ $host_array[$i] = $matches[1];
+
+ $i++;
+--- a/data_templates.php
++++ b/data_templates.php
+@@ -305,7 +305,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $ds_list .= "<li>" . db_fetch_cell("select name from data_template where id=" . $matches[1]) . "<br>";
++ $ds_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from data_template where id=" . $matches[1])) . "<br>";
+ $ds_array[$i] = $matches[1];
+
+ $i++;
+--- a/graph_templates.php
++++ b/graph_templates.php
+@@ -216,7 +216,7 @@
+ input_validate_input_number($matches[1]);
+ /* ==================================================== */
+
+- $graph_list .= "<li>" . db_fetch_cell("select name from graph_templates where id=" . $matches[1]) . "<br>";
++ $graph_list .= "<li>" . htmlspecialchars(db_fetch_cell("select name from graph_templates where id=" . $matches[1])) . "<br>";
+ $graph_array[$i] = $matches[1];
+
+ $i++;
+--- a/user_admin.php
++++ b/user_admin.php
+@@ -175,7 +175,7 @@
+ /* ==================================================== */
+
+ if (get_request_var_post("drp_action") != "2") {
+- $user_list .= "<li>" . db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1]) . "<br>";
++ $user_list .= "<li>" . htmlspecialchars(db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1])) . "<br>";
+ }
+ $user_array[$i] = $matches[1];
+
+--- a/graph_templates_inputs.php
++++ b/graph_templates_inputs.php
+@@ -134,7 +134,7 @@
+
+ if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
+ include("./include/top_header.php");
+- form_confirm("Are You Sure?", "Are you sure you want to delete the input item <strong>'" . db_fetch_cell("select name from graph_template_input where id=" . $_GET["id"]) . "'</strong>? NOTE: Deleting this item will NOT affect graphs that use this template.", htmlspecialchars("graph_templates.php?action=template_edit&id=" . $_GET["graph_template_id"]), htmlspecialchars("graph_templates_inputs.php?action=input_remove&id=" . $_GET["id"] . "&graph_template_id=" . $_GET["graph_template_id"]));
++ form_confirm("Are You Sure?", "Are you sure you want to delete the input item <strong>'" . htmlspecialchars(db_fetch_cell("select name from graph_template_input where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>? NOTE: Deleting this item will NOT affect graphs that use this template.", htmlspecialchars("graph_templates.php?action=template_edit&id=" . $_GET["graph_template_id"]), htmlspecialchars("graph_templates_inputs.php?action=input_remove&id=" . $_GET["id"] . "&graph_template_id=" . $_GET["graph_template_id"]));
+ include("./include/bottom_footer.php");
+ exit;
+ }
+--- a/data_queries.php
++++ b/data_queries.php
+@@ -340,7 +340,7 @@
+
+ if ((read_config_option("deletion_verification") == "on") && (!isset($_GET["confirm"]))) {
+ include("./include/top_header.php");
+- form_confirm("Are You Sure?", "Are you sure you want to delete the Data Query Graph <strong>'" . db_fetch_cell("select name from snmp_query_graph where id=" . $_GET["id"]) . "'</strong>?", htmlspecialchars("data_queries.php?action=edit&id=" . $_GET["snmp_query_id"]), htmlspecialchars("data_queries.php?action=item_remove&id=" . $_GET["id"] . "&snmp_query_id=" . $_GET["snmp_query_id"]));
++ form_confirm("Are You Sure?", "Are you sure you want to delete the Data Query Graph <strong>'" . htmlspecialchars(db_fetch_cell("select name from snmp_query_graph where id=" . $_GET["id"]), ENT_QUOTES) . "'</strong>?", htmlspecialchars("data_queries.php?action=edit&id=" . $_GET["snmp_query_id"]), htmlspecialchars("data_queries.php?action=item_remove&id=" . $_GET["id"] . "&snmp_query_id=" . $_GET["snmp_query_id"]));
+ include("./include/bottom_footer.php");
+ exit;
+ }
|
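Review bot: The tree.php hunk at `@@ -354,7 +354,7 @@` is the one call site where the whole message is escaped, `htmlspecialchars($text, ENT_QUOTES)`, while every other form_confirm() change in this patch (tree.php `@@ -383`, data_input.php `@@ -246`, graph_templates_inputs.php, data_queries.php) escapes only the db_fetch_cell() value and keeps the surrounding `<strong>'…'</strong>` markup live. `$text` is assembled above the hunk, outside the visible lines; if it is built with the same markup, that markup will now be rendered literally, and if it embeds a user-controlled name unescaped, the right place for the fix is where the name is concatenated into `$text`, not the final call, so this needs checking against the surrounding function. The `<li>` list items elsewhere in the patch use htmlspecialchars() with default flags, which is adequate for element text, and the single-quoted `title='…'` attribute in data_sources.php correctly adds ENT_QUOTES; a one-line comment in the patch header recording that convention would help whoever rebases this against a newer cacti. Since the patch is carried from Debian (see its Author: header), any adjustment should be sent there or upstream rather than diverged locally.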