Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package cacti

A CVE was found in cacti. The patch that I applied to the cacti package
comes from upstream. Closes https://bugs.debian.org/926700

debdiff attached.

unblock cacti/1.2.2+ds1-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (200,
'testing'), (100, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru cacti-1.2.2+ds1/debian/changelog cacti-1.2.2+ds1/debian/changelog
--- cacti-1.2.2+ds1/debian/changelog    2019-02-26 21:48:07.000000000 +0100
+++ cacti-1.2.2+ds1/debian/changelog    2019-04-09 20:42:38.000000000 +0200
@@ -1,3 +1,12 @@
+cacti (1.2.2+ds1-2) unstable; urgency=medium
+
+  * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
+    CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
+    before printing out the value of the SNMP community string (SNMP
+    Options) in the View poller cache, leading to XSS.
+
+ -- Paul Gevers <elb...@debian.org>  Tue, 09 Apr 2019 20:42:38 +0200
+
 cacti (1.2.2+ds1-1) unstable; urgency=medium
 
   * New upstream release 1.2.2
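Review bot: The changelog entry locates the flaw in clearFilter(), but every utilities.php hunk in 0001-Resolving-Issue-2581.patch edits utilities_view_snmp_cache() or utilities_view_poller_cache(). Keeping the CVE wording is fine, but naming the functions actually patched would let anyone auditing the upload match this entry to the code.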
diff -Nru cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch 
cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch
--- cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch      
1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch      
2019-04-09 20:38:47.000000000 +0200
@@ -0,0 +1,68 @@
+From c373e66a6a224e221a1db037164144ce59b20736 Mon Sep 17 00:00:00 2001
+From: cigamit <ji...@sqmail.org>
+Date: Thu, 28 Mar 2019 06:37:45 -0500
+Subject: [PATCH] Resolving Issue #2581
+
+Stored XSS in "SNMP community string" field
+---
+ CHANGELOG     |  1 +
+ utilities.php | 11 ++++++-----
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/utilities.php b/utilities.php
+index f5478d23..dc9439c4 100644
+--- a/utilities.php
++++ b/utilities.php
+@@ -1543,7 +1543,7 @@ function utilities_view_snmp_cache() {
+                       <?php print filter_value($item['name'], 
get_request_var('filter'));?>
+               </td>
+               <td>
+-                      <?php print $item['snmp_index'];?>
++                      <?php print html_escape($item['snmp_index']);?>
+               </td>
+               <td>
+                       <?php print filter_value($item['field_name'], 
get_request_var('filter'));?>
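Review bot: In utilities_view_snmp_cache() only snmp_index gains html_escape(); the adjacent name and field_name cells are printed through filter_value(..., get_request_var('filter')), and nothing in this patch shows whether that helper escapes its first argument. Confirm this against the definition of filter_value() before treating the row as fully covered, since all three values come from the same $item.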
+@@ -1837,7 +1837,7 @@ function utilities_view_poller_cache() {
+                               </td>
+ 
+                               <td>
+-                                      <?php print $item['description'];?>
++                                      <?php print 
html_escape($item['description']);?>
+                               </td>
+ 
+                               <td>
+@@ -1846,12 +1846,12 @@ function utilities_view_poller_cache() {
+                                       if ($item['snmp_version'] != 3) {
+                                               $details =
+                                                       __('SNMP Version:') . ' 
' . $item['snmp_version'] . ', ' .
+-                                                      __('Community:') . ' ' 
. $item['snmp_community'] . ', ' .
++                                                      __('Community:') . ' ' 
. html_escape($item['snmp_community']) . ', ' .
+                                                       __('OID:') . ' ' . 
filter_value($item['arg1'], get_request_var('filter'));
+                                       } else {
+                                               $details =
+                                                       __('SNMP Version:') . ' 
' . $item['snmp_version'] . ', ' .
+-                                                      __('User:') . ' ' . 
$item['snmp_username'] . ', ' . __('OID:') . ' ' . $item['arg1'];
++                                                      __('User:') . ' ' . 
html_escape($item['snmp_username']) . ', ' . __('OID:') . ' ' . 
html_escape($item['arg1']);
+                                       }
+                               } elseif ($item['action'] == 1) {
+                                               $details = __('Script:') . ' ' 
. filter_value($item['arg1'], get_request_var('filter'));
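Review bot: $item['snmp_version'] is still concatenated into $details unescaped in both branches, while the community, username and arg1 values beside it are now wrapped. Unless that column is guaranteed to be an integer, wrap it in html_escape() as well or cast it. The two branches also end up handling arg1 differently: filter_value($item['arg1'], get_request_var('filter')) when the version is not 3, html_escape($item['arg1']) otherwise. A short comment on why would help the next reader.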
+@@ -1860,6 +1860,7 @@ function utilities_view_poller_cache() {
+                               }
+ 
+                               print $details;
++
+                               ?>
+                               </td>
+                       </tr>
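Review bot: The only change in this hunk is a blank line inserted between print $details; and the closing ?>, which has no effect on the fix. For a targeted security upload it could be dropped, although keeping the patch identical to the upstream commit is a reasonable argument for leaving it.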
+@@ -1869,7 +1870,7 @@ function utilities_view_poller_cache() {
+                               <td colspan='2'>
+                               </td>
+                               <td>
+-                                      <?php print __('RRD:');?> <?php print 
$item['rrd_path'];?>
++                                      <?php print __('RRD:');?> <?php print 
html_escape($item['rrd_path']);?>
+                               </td>
+                       </tr>
+                       <?php
+-- 
+2.20.1
+
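Review bot: The diffstat in the patch header lists "CHANGELOG | 1 +" and "2 files changed, 7 insertions(+), 5 deletions(-)", but the body carries only the utilities.php diff, with 6 insertions and 5 deletions. If the CHANGELOG hunk was dropped for packaging, say so in the patch header so the file is not mistaken for the unmodified upstream commit.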
diff -Nru cacti-1.2.2+ds1/debian/patches/series 
cacti-1.2.2+ds1/debian/patches/series
--- cacti-1.2.2+ds1/debian/patches/series       2019-01-22 20:31:40.000000000 
+0100
+++ cacti-1.2.2+ds1/debian/patches/series       2019-04-09 20:38:14.000000000 
+0200
@@ -2,3 +2,4 @@
 enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch
 perl-path.patch
 font-awesome-path.patch
+0001-Resolving-Issue-2581.patch

Attachment: signature.asc
Description: OpenPGP digital signature
