Attached is an NMU proposal which fixes this bug, 
just in case you don't have the time to fix it.
It will also be archived at:
http://people.debian.org/~nion/nmu-diff/cacti-0.8.7-1_0.8.7-1.1.patch

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u cacti-0.8.7/debian/changelog cacti-0.8.7/debian/changelog
--- cacti-0.8.7/debian/changelog
+++ cacti-0.8.7/debian/changelog
@@ -1,3 +1,12 @@
+cacti (0.8.7-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by testing security team.
+  * Included 07_CVE-2007-6035.patch provided by upstream to fix
+    SQL injection through the local_graph_id parameter passed to
+    the top_graph_header.php script (CVE-2007-6035; Closes: #452085).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Tue, 20 Nov 2007 16:26:13 +0100
+
 cacti (0.8.7-1) unstable; urgency=low
 
   * New upstream release.
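Review bot: the changelog entry says the patch was "provided by upstream" but gives no upstream reference (release, commit or advisory) next to the CVE; add one so the origin of 07_CVE-2007-6035.patch can be checked when the patch is refreshed or dropped on a later upstream release.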
diff -u cacti-0.8.7/debian/patches/series cacti-0.8.7/debian/patches/series
--- cacti-0.8.7/debian/patches/series
+++ cacti-0.8.7/debian/patches/series
@@ -3,0 +4 @@
+07_CVE-2007-6035.patch
only in patch2:
unchanged:
--- cacti-0.8.7.orig/debian/patches/07_CVE-2007-6035.patch
+++ cacti-0.8.7/debian/patches/07_CVE-2007-6035.patch
@@ -0,0 +1,14 @@
+diff -ruBbdN cacti-0.8.7/include/top_graph_header.php cacti-0.8.7-patched/include/top_graph_header.php
+--- cacti-0.8.7/include/top_graph_header.php	2007-10-23 18:43:09.000000000 -0400
++++ cacti-0.8.7-patched/include/top_graph_header.php	2007-11-03 12:51:39.000000000 -0400
+@@ -25,6 +25,10 @@
+ $using_guest_account = false;
+ $show_console_tab = true;
+ 
++/* ================= input validation ================= */
++input_validate_input_number(get_request_var_request("local_graph_id"));
++/* ==================================================== */
++
+ if (read_config_option("auth_method") != 0) {
+ 	/* at this point this user is good to go... so get some setting about this
+ 	user and put them into variables to save excess SQL in the future */
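Review bot: the return value of `input_validate_input_number(get_request_var_request("local_graph_id"));` is discarded, so this hunk only closes the injection if input_validate_input_number() terminates the request on a non-numeric value instead of returning a sanitised one; confirm that behaviour (and how it treats an absent or empty local_graph_id) and state it in the comment block above the call. Placing the check before the auth_method branch is right, since it then runs before any of the code that follows uses the parameter.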

Attachment: pgp9maz8KrnrT.pgp
Description: PGP signature