rpms/cacti/EL-4 CVE-2007-3112.patch,NONE,1.1 cacti.spec,1.11,1.12
Michael Patrick McGrath (mmcgrath)
fedora-extras-commits at redhat.com
Fri Sep 14 21:30:43 UTC 2007
Author: mmcgrath
Update of /cvs/extras/rpms/cacti/EL-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14459/EL-4
Modified Files:
cacti.spec
Added Files:
CVE-2007-3112.patch
Log Message:
Release bump because it's Friday and I'm stupid
CVE-2007-3112.patch:
--- NEW FILE CVE-2007-3112.patch ---
--- branches/BRANCH_0_8_6/cacti/graph_image.php 2007/03/04 20:17:57 3898
+++ branches/BRANCH_0_8_6/cacti/graph_image.php 2007/06/04 06:41:13 3956
@@ -49,22 +49,22 @@
$graph_data_array = array();
/* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"])) {
+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
$graph_data_array["graph_start"] = $_GET["graph_start"];
}
/* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"])) {
+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
$graph_data_array["graph_end"] = $_GET["graph_end"];
}
/* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"])) {
+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
$graph_data_array["graph_height"] = $_GET["graph_height"];
}
/* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"])) {
+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
$graph_data_array["graph_width"] = $_GET["graph_width"];
}
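Review bot: The four added guards only cap the upper end with a loose `<` comparison, and the raw `$_GET` string is still what gets stored in `$graph_data_array`, so a value that is not a clean number (PHP coerces it for the comparison) or a negative height/width can pass the check unchanged. Requiring `is_numeric()` and storing a cast value would tighten this, e.g. `if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] > 0 && $_GET["graph_height"] < 3000) {` with `$graph_data_array["graph_height"] = (int) $_GET["graph_height"];` in the body. The literal `1600000000` used for graph_start and graph_end is an absolute Unix time in September 2020, so once the clock passes it legitimate timestamps will be silently ignored; a bound derived from `time()` would not expire. How these values are escaped when they reach the graphing command is not visible in this hunk and should be confirmed separately.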
Index: cacti.spec
===================================================================
RCS file: /cvs/extras/rpms/cacti/EL-4/cacti.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- cacti.spec 14 Sep 2007 21:26:02 -0000 1.11
+++ cacti.spec 14 Sep 2007 21:30:11 -0000 1.12
@@ -1,6 +1,6 @@
Name: cacti
Version: 0.8.6j
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: An rrd based graphing tool
Group: Applications/System
@@ -105,7 +105,7 @@
%attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
%changelog
-* Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-7
+* Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-8
- Fix for CVE-2007-3112 bz#243592
* Sat Sep 08 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6