rpms/cacti/FC-6 CVE-2007-3112.patch,NONE,1.1 cacti.spec,1.11,1.12

Michael Patrick McGrath (mmcgrath) fedora-extras-commits at redhat.com
Fri Sep 14 21:30:52 UTC 2007


Author: mmcgrath

Update of /cvs/extras/rpms/cacti/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14459/FC-6

Modified Files:
	cacti.spec 
Added Files:
	CVE-2007-3112.patch 
Log Message:
Release bump because it's Friday and I'm stupid

CVE-2007-3112.patch:

--- NEW FILE CVE-2007-3112.patch ---
--- branches/BRANCH_0_8_6/cacti/graph_image.php	2007/03/04 20:17:57	3898
+++ branches/BRANCH_0_8_6/cacti/graph_image.php	2007/06/04 06:41:13	3956
@@ -49,22 +49,22 @@
 $graph_data_array = array();
 
 /* override: graph start time (unix time) */
-if (!empty($_GET["graph_start"])) {
+if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
 	$graph_data_array["graph_start"] = $_GET["graph_start"];
 }
 
 /* override: graph end time (unix time) */
-if (!empty($_GET["graph_end"])) {
+if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
 	$graph_data_array["graph_end"] = $_GET["graph_end"];
 }
 
 /* override: graph height (in pixels) */
-if (!empty($_GET["graph_height"])) {
+if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
 	$graph_data_array["graph_height"] = $_GET["graph_height"];
 }
 
 /* override: graph width (in pixels) */
-if (!empty($_GET["graph_width"])) {
+if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
 	$graph_data_array["graph_width"] = $_GET["graph_width"];
 }
 
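Review bot: The added comparisons on `graph_start`, `graph_end`, `graph_height` and `graph_width` set only an upper bound, so a non-numeric string (which PHP of this era compares as 0) or a negative number still passes and is copied into `$graph_data_array` unvalidated. Each guard should also require a number in the expected range, for example `if (!empty($_GET["graph_height"]) && is_numeric($_GET["graph_height"]) && $_GET["graph_height"] > 0 && $_GET["graph_height"] < 3000) {`, with the same `is_numeric()` check on the other three. The `1600000000` ceiling on the two time overrides is a fixed date in September 2020, after which valid timestamps would be silently ignored; a limit derived from `time()` would not expire. The script continues past this hunk and the use of `$graph_data_array` is not visible here, so the impact of an unvalidated value cannot be judged from these lines alone.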


Index: cacti.spec
===================================================================
RCS file: /cvs/extras/rpms/cacti/FC-6/cacti.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- cacti.spec	14 Sep 2007 21:26:10 -0000	1.11
+++ cacti.spec	14 Sep 2007 21:30:20 -0000	1.12
@@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.6j
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: An rrd based graphing tool
 
 Group: Applications/System
@@ -105,7 +105,7 @@
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 
 %changelog
-* Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-7
+* Fri Sep 14 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-8
 - Fix for CVE-2007-3112 bz#243592
 
 * Sat Sep 08 2007 Mike McGrath <mmcgrath at redhat.com> - 0.8.6j-6



