rpms/cacti/devel CVE-2007-3112.patch,NONE,1.1 cacti.spec,1.11,1.12

Michael Patrick McGrath (mmcgrath) fedora-extras-commits at redhat.com
Fri Sep 14 21:26:46 UTC 2007


Author: mmcgrath

Update of /cvs/extras/rpms/cacti/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13686/devel

Modified Files:
	cacti.spec 
Added Files:
	CVE-2007-3112.patch 
Log Message:
Patches for bug#243592

CVE-2007-3112.patch:

--- NEW FILE CVE-2007-3112.patch ---
--- branches/BRANCH_0_8_6/cacti/graph_image.php	2007/03/04 20:17:57	3898
+++ branches/BRANCH_0_8_6/cacti/graph_image.php	2007/06/04 06:41:13	3956
@@ -49,22 +49,22 @@
 $graph_data_array = array();
 
 /* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"])) {
+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
 	$graph_data_array["graph_start"] = $_GET["graph_start"];
 }
 
 /* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"])) {
+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
 	$graph_data_array["graph_end"] = $_GET["graph_end"];
 }
 
 /* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"])) {
+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
 	$graph_data_array["graph_height"] = $_GET["graph_height"];
 }
 
 /* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"])) {
+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
 	$graph_data_array["graph_width"] = $_GET["graph_width"];
 }
 
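Review bot: The new upper-bound checks on graph_start, graph_end, graph_height and graph_width compare the raw `$_GET` string against an integer without first establishing that it is a number, so a negative value, or under PHP's loose comparison a non-numeric string, still satisfies `!empty(...) && ... < 3000` and is copied into `$graph_data_array` unchanged. A stricter guard would require a non-negative integer and store the cast value, e.g. `if (!empty($_GET["graph_height"]) && ctype_digit((string)$_GET["graph_height"]) && (int)$_GET["graph_height"] < 3000) {` followed by `$graph_data_array["graph_height"] = (int)$_GET["graph_height"];`, with the same shape for the other three overrides in this hunk. The limit 1600000000 used for graph_start and graph_end is an absolute epoch (September 2020) rather than a bound relative to `time()`, so the check will begin rejecting legitimate time ranges once that date passes; at minimum a comment such as `/* reject absurd epochs: fixed upper bound, see CVE-2007-3112 */` should record that the constant is a cap and not a validated value. The enclosing script continues outside the hunk.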


Index: cacti.spec
===================================================================
RCS file: /cvs/extras/rpms/cacti/devel/cacti.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- cacti.spec	9 Sep 2007 02:36:14 -0000	1.11
+++ cacti.spec	14 Sep 2007 21:26:13 -0000	1.12
@@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.6j
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: An rrd based graphing tool
 
 Group: Applications/System
@@ -12,6 +12,7 @@
 Source3: cacti.README.Fedora
 
 Patch1: cacti-0.8.6h-dbcfg.patch
+Patch2: CVE-2007-3112.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -32,6 +33,7 @@
 %prep
 %setup -q
 %patch1 -p0
+%patch2 -p3
 
 echo "#*/5 * * * *	cacti	%{_bindir}/php %{_datadir}/%{name}/poller.php > /dev/null 2>&1" >cacti.cron
 
@@ -103,6 +105,9 @@
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 
 %changelog
+* Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-7
+- Fix for CVE-2007-3112 bz#243592
+
 * Sat Sep 08 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6
 - rebuild
 



