SOURCES: sec_sql_injection-0.8.6j.patch (NEW) - new security patch...
grzegorz
grzegorz at pld-linux.org
Wed Nov 21 12:06:39 CET 2007
Author: grzegorz Date: Wed Nov 21 11:06:39 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new security patch for cacti 0.8.6j
---- Files affected:
SOURCES:
sec_sql_injection-0.8.6j.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/sec_sql_injection-0.8.6j.patch
diff -u /dev/null SOURCES/sec_sql_injection-0.8.6j.patch:1.1
--- /dev/null Wed Nov 21 12:06:39 2007
+++ SOURCES/sec_sql_injection-0.8.6j.patch Wed Nov 21 12:06:34 2007
@@ -0,0 +1,14 @@
+diff -ruBbdN cacti-0.8.6j/include/top_graph_header.php cacti-0.8.6j-patched/include/top_graph_header.php
+--- cacti-0.8.6j/include/top_graph_header.php 2007-01-17 19:23:10.000000000 -0500
++++ cacti-0.8.6j-patched/include/top_graph_header.php 2007-11-03 12:53:46.000000000 -0400
+@@ -27,6 +27,10 @@
+ $using_guest_account = false;
+ $show_console_tab = true;
+
++/* ================= input validation ================= */
++input_validate_input_number(get_request_var_request("local_graph_id"));
++/* ==================================================== */
++
+ if (read_config_option("global_auth") == "on") {
+ /* at this point this user is good to go... so get some setting about this
+ user and put them into variables to save excess SQL in the future */
================================================================
More information about the pld-cvs-commit
mailing list