Attached is an NMU proposal for this bug which fixes it, just in case you won't have the time to fix it. It will also be archived at: http://people.debian.org/~nion/nmu-diff/cacti-0.8.7-1_0.8.7-1.1.patch
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u cacti-0.8.7/debian/changelog cacti-0.8.7/debian/changelog --- cacti-0.8.7/debian/changelog +++ cacti-0.8.7/debian/changelog @@ -1,3 +1,12 @@ +cacti (0.8.7-1.1) unstable; urgency=high + + * Non-maintainer upload by testing security team. + * Included 07_CVE-2007-6035.patch provided by upstream to fix + SQL injection through the local_graph_id parameter passed to + the top_graph_header.php script (CVE-2007-6035; Closes: #452085). + + -- Nico Golde <[EMAIL PROTECTED]> Tue, 20 Nov 2007 16:26:13 +0100 + cacti (0.8.7-1) unstable; urgency=low * New upstream release. diff -u cacti-0.8.7/debian/patches/series cacti-0.8.7/debian/patches/series --- cacti-0.8.7/debian/patches/series +++ cacti-0.8.7/debian/patches/series @@ -3,0 +4 @@ +07_CVE-2007-6035.patch only in patch2: unchanged: --- cacti-0.8.7.orig/debian/patches/07_CVE-2007-6035.patch +++ cacti-0.8.7/debian/patches/07_CVE-2007-6035.patch @@ -0,0 +1,14 @@ +diff -ruBbdN cacti-0.8.7/include/top_graph_header.php cacti-0.8.7-patched/include/top_graph_header.php +--- cacti-0.8.7/include/top_graph_header.php 2007-10-23 18:43:09.000000000 -0400 ++++ cacti-0.8.7-patched/include/top_graph_header.php 2007-11-03 12:51:39.000000000 -0400 +@@ -25,6 +25,10 @@ + $using_guest_account = false; + $show_console_tab = true; + ++/* ================= input validation ================= */ ++input_validate_input_number(get_request_var_request("local_graph_id")); ++/* ==================================================== */ ++ + if (read_config_option("auth_method") != 0) { + /* at this point this user is good to go... so get some setting about this + user and put them into variables to save excess SQL in the future */
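Review bot: In the 07_CVE-2007-6035.patch hunk the return value of `input_validate_input_number(get_request_var_request("local_graph_id"))` is discarded, so the added line only stops the injection if that function terminates the request on a non-numeric value rather than returning a status; confirm that behaviour (or capture and check the result) before relying on it. The call also has to be resolvable at that point in top_graph_header.php, so check that both `input_validate_input_number` and `get_request_var_request` are already included where this header is pulled in. Placing the check before the `read_config_option("auth_method") != 0` branch is sensible, since it then applies regardless of auth mode, but note it validates only `local_graph_id`, the single parameter the changelog names; anything else the header reads from the request is outside this hunk.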