Your message dated Thu, 11 Apr 2019 16:57:27 +0000 with message-id <E1hEd0x-0003jQ-Hv@respighi.debian.org> and subject line unblock cacti has caused the Debian Bug report #926867, regarding unblock: cacti/1.2.2+ds1-2 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
926867: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926867
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: cacti/1.2.2+ds1-2
- From: Paul Gevers <elbrus@debian.org>
- Date: Thu, 11 Apr 2019 15:26:42 +0200
- Message-id: <153d1b93-390f-8078-1a9b-2c0e28ab59d9@debian.org>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package cacti

A CVE was found in cacti. The patch that I applied to the cacti package comes from upstream.

Closes https://bugs.debian.org/926700

debdiff attached.

unblock cacti/1.2.2+ds1-2

-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-debug'), (200, 'testing'), (100, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru cacti-1.2.2+ds1/debian/changelog cacti-1.2.2+ds1/debian/changelog --- cacti-1.2.2+ds1/debian/changelog 2019-02-26 21:48:07.000000000 +0100 +++ cacti-1.2.2+ds1/debian/changelog 2019-04-09 20:42:38.000000000 +0200 @@ -1,3 +1,12 @@ +cacti (1.2.2+ds1-2) unstable; urgency=medium + + * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700) + CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs + before printing out the value of the SNMP community string (SNMP + Options) in the View poller cache, leading to XSS. + + -- Paul Gevers <elbrus@debian.org> Tue, 09 Apr 2019 20:42:38 +0200 + cacti (1.2.2+ds1-1) unstable; urgency=medium * New upstream release 1.2.2 diff -Nru cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch --- cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch 1970-01-01 01:00:00.000000000 +0100 +++ cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch 2019-04-09 20:38:47.000000000 +0200 
@@ -0,0 +1,68 @@ +From c373e66a6a224e221a1db037164144ce59b20736 Mon Sep 17 00:00:00 2001 +From: cigamit <jimmy@sqmail.org> +Date: Thu, 28 Mar 2019 06:37:45 -0500 +Subject: [PATCH] Resolving Issue #2581 + +Stored XSS in "SNMP community string" field +--- + CHANGELOG | 1 + + utilities.php | 11 ++++++----- + 2 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/utilities.php b/utilities.php +index f5478d23..dc9439c4 100644 +--- a/utilities.php ++++ b/utilities.php +@@ -1543,7 +1543,7 @@ function utilities_view_snmp_cache() { + <?php print filter_value($item['name'], get_request_var('filter'));?> + </td> + <td> +- <?php print $item['snmp_index'];?> ++ <?php print html_escape($item['snmp_index']);?> + </td> + <td> + <?php print filter_value($item['field_name'], get_request_var('filter'));?> +@@ -1837,7 +1837,7 @@ function utilities_view_poller_cache() { + </td> + + <td> +- <?php print $item['description'];?> ++ <?php print html_escape($item['description']);?> + </td> + + <td> +@@ -1846,12 +1846,12 @@ function utilities_view_poller_cache() { + if ($item['snmp_version'] != 3) { + $details = + __('SNMP Version:') . ' ' . $item['snmp_version'] . ', ' . +- __('Community:') . ' ' . $item['snmp_community'] . ', ' . ++ __('Community:') . ' ' . html_escape($item['snmp_community']) . ', ' . + __('OID:') . ' ' . filter_value($item['arg1'], get_request_var('filter')); + } else { + $details = + __('SNMP Version:') . ' ' . $item['snmp_version'] . ', ' . +- __('User:') . ' ' . $item['snmp_username'] . ', ' . __('OID:') . ' ' . $item['arg1']; ++ __('User:') . ' ' . html_escape($item['snmp_username']) . ', ' . __('OID:') . ' ' . html_escape($item['arg1']); + } + } elseif ($item['action'] == 1) { + $details = __('Script:') . ' ' . 
filter_value($item['arg1'], get_request_var('filter')); +@@ -1860,6 +1860,7 @@ function utilities_view_poller_cache() { + } + + print $details; ++ + ?> + </td> + </tr> +@@ -1869,7 +1870,7 @@ function utilities_view_poller_cache() { + <td colspan='2'> + </td> + <td> +- <?php print __('RRD:');?> <?php print $item['rrd_path'];?> ++ <?php print __('RRD:');?> <?php print html_escape($item['rrd_path']);?> + </td> + </tr> + <?php +-- +2.20.1 + diff -Nru cacti-1.2.2+ds1/debian/patches/series cacti-1.2.2+ds1/debian/patches/series --- cacti-1.2.2+ds1/debian/patches/series 2019-01-22 20:31:40.000000000 +0100 +++ cacti-1.2.2+ds1/debian/patches/series 2019-04-09 20:38:14.000000000 +0200 @@ -2,3 +2,4 @@ enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch perl-path.patch font-awesome-path.patch +0001-Resolving-Issue-2581.patch
Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
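Review bot: the new debian/changelog entry (the @@ -1,3 +1,12 @@ hunk) places the missing escaping in clearFilter() and mentions only the SNMP community string, but the hunks in 0001-Resolving-Issue-2581.patch touch utilities_view_snmp_cache() and utilities_view_poller_cache() and escape snmp_index, description, snmp_username, arg1 and rrd_path as well. A sentence in the entry saying which functions and fields the patch actually changes would let someone reading only the changelog judge the scope of the fix.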
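Review bot: the header of the new debian/patches/0001-Resolving-Issue-2581.patch (the @@ -0,0 +1,68 @@ hunk) still carries the upstream diffstat listing CHANGELOG and "2 files changed", while the only diff in the file is for utilities.php. A short note in the patch header that the CHANGELOG hunk was dropped, together with the upstream origin and the Debian bug (#926700), would document why the header and the content differ.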
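Review bot: in the @@ -1846,12 +1846,12 @@ hunk of utilities_view_poller_cache(), arg1 is wrapped in html_escape() only in the SNMPv3 branch; the non-v3 branch and the Script branch still print it through filter_value($item['arg1'], get_request_var('filter')), and $item['snmp_version'] is concatenated unescaped in both branches. Whether those outputs are safe depends on filter_value() escaping its result, which these lines do not show, so that is worth confirming before treating the poller cache view as fully covered.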
--- Begin Message ---
- To: 926867-done@bugs.debian.org
- Subject: unblock cacti
- From: Ivo De Decker <ivodd@respighi.debian.org>
- Date: Thu, 11 Apr 2019 16:57:27 +0000
- Message-id: <E1hEd0x-0003jQ-Hv@respighi.debian.org>
Unblocked cacti.
--- End Message ---