rpms/cacti/EL-5 sql_injection_template_export.patch, NONE, 1.1 cacti.spec, 1.20, 1.21
Mike McGrath
mmcgrath at fedoraproject.org
Fri Apr 23 13:54:05 UTC 2010
Author: mmcgrath
Update of /cvs/pkgs/rpms/cacti/EL-5
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22192/EL-5
Modified Files:
cacti.spec
Added Files:
sql_injection_template_export.patch
Log Message:
fixing sql injection issues - 585207
sql_injection_template_export.patch:
templates_export.php | 4 ++++
1 file changed, 4 insertions(+)
--- NEW FILE sql_injection_template_export.patch ---
--- cacti-0.8.7e/templates_export.php 2009-06-28 12:07:11.000000000 -0400
+++ cacti-fixed/templates_export.php 2010-04-17 14:08:42.000000000 -0400
@@ -49,6 +49,10 @@
function form_save() {
global $export_types;
+ /* ================= input validation ================= */
+ input_validate_input_number(get_request_var_post("export_item_id"));
+ /* ==================================================== */
+
if (isset($_POST["save_component_export"])) {
$xml_data = get_item_xml($_POST["export_type"], $_POST["export_item_id"], (((isset($_POST["include_deps"]) ? $_POST["include_deps"] : "") == "") ? false : true));
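Review bot: Only `export_item_id` is validated in the added lines, while `$_POST["export_type"]` is still passed unchecked to `get_item_xml()` on the last line of the hunk. Whether that value reaches a query is not visible here, but an allow-list check before the call would close the question, for example `if (!isset($export_types[$_POST["export_type"]])) { die_html_input_error(); }`, assuming the keys of the global `$export_types` are the valid type names. The call also keeps reading the raw `$_POST["export_item_id"]`, so the fix depends on `input_validate_input_number()` aborting the request on non-numeric input; a comment such as `/* input_validate_input_number() halts on non-numeric input, so the raw $_POST value below is safe */` would make that explicit. The body of `form_save()` continues outside the hunk, so later uses of these fields could not be checked.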
Index: cacti.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cacti/EL-5/cacti.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- cacti.spec 1 Dec 2009 15:19:46 -0000 1.20
+++ cacti.spec 23 Apr 2010 13:54:05 -0000 1.21
@@ -1,6 +1,6 @@
Name: cacti
Version: 0.8.7e
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: An rrd based graphing tool
Group: Applications/System
@@ -15,6 +15,7 @@ Patch0: cli_add_graph.patch
Patch1: snmp_invalid_response.patch
Patch2: template_duplication.patch
Patch3: cross_site_fix.patch
+Patch4: sql_injection_template_export.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
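Review bot: The new `Patch4:` line carries no comment naming the bug or upstream source of the fix, and the bug references on this page disagree. The commit log cites 585207, while the added changelog entry cites `BZ #541279`, the same number as the previous 0.8.7e-3 entry, which suggests it was copied forward. For a security fix the reference should be unambiguous, for example `# SQL injection in templates_export.php, BZ #585207` above `Patch4:` with the matching number in the changelog. Which number is correct cannot be determined from this page and should be confirmed against the tracker.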
@@ -38,6 +39,7 @@ used to creating traffic graphs with MRT
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
echo "#*/5 * * * * cacti %{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
@@ -113,6 +115,11 @@ fi
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
%changelog
+* Fri Apr 23 2010 Mike McGrath <mmcgrath at redhat.com> - 0.8.7e-4
+- Pulling in patches from upstream
+- SQL injection fix
+- BZ #541279
+
* Tue Dec 1 2009 Mike McGrath <mmcgrath at redhat.com> - 0.8.7e-3
- Pulling in some official patches
- #541279