
Bug#926867: marked as done (unblock: cacti/1.2.2+ds1-2)



Your message dated Thu, 11 Apr 2019 16:57:27 +0000
with message-id <E1hEd0x-0003jQ-Hv@respighi.debian.org>
and subject line unblock cacti
has caused the Debian Bug report #926867,
regarding unblock: cacti/1.2.2+ds1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
926867: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926867
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package cacti

A CVE was found in cacti. The patch that I applied to the cacti package
comes from upstream. Closes https://bugs.debian.org/926700

debdiff attached.

unblock cacti/1.2.2+ds1-2

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (200, 'testing'), (100, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru cacti-1.2.2+ds1/debian/changelog cacti-1.2.2+ds1/debian/changelog
--- cacti-1.2.2+ds1/debian/changelog	2019-02-26 21:48:07.000000000 +0100
+++ cacti-1.2.2+ds1/debian/changelog	2019-04-09 20:42:38.000000000 +0200
@@ -1,3 +1,12 @@
+cacti (1.2.2+ds1-2) unstable; urgency=medium
+
+  * Add 0001-Resolving-Issue-2581.patch from upstream (Closes: #926700)
+    CVE-2019-11025: In clearFilter() in utilities.php no escaping occurs
+    before printing out the value of the SNMP community string (SNMP
+    Options) in the View poller cache, leading to XSS.
+
+ -- Paul Gevers <elbrus@debian.org>  Tue, 09 Apr 2019 20:42:38 +0200
+
 cacti (1.2.2+ds1-1) unstable; urgency=medium
 
   * New upstream release 1.2.2
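
Review bot: The new changelog entry attributes the flaw to clearFilter() and mentions only the SNMP community string, but the patch it introduces changes utilities_view_snmp_cache() and utilities_view_poller_cache() and also escapes snmp_index, description, snmp_username, arg1 and rrd_path. Consider adding a line stating that the patch escapes these additional SNMP cache and poller cache fields, so that someone auditing the fix from the changelog alone does not look for a clearFilter() change that is not part of this upload.
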
diff -Nru cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch
--- cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/0001-Resolving-Issue-2581.patch	2019-04-09 20:38:47.000000000 +0200
@@ -0,0 +1,68 @@
+From c373e66a6a224e221a1db037164144ce59b20736 Mon Sep 17 00:00:00 2001
+From: cigamit <jimmy@sqmail.org>
+Date: Thu, 28 Mar 2019 06:37:45 -0500
+Subject: [PATCH] Resolving Issue #2581
+
+Stored XSS in "SNMP community string" field
+---
+ CHANGELOG     |  1 +
+ utilities.php | 11 ++++++-----
+ 2 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/utilities.php b/utilities.php
+index f5478d23..dc9439c4 100644
+--- a/utilities.php
++++ b/utilities.php
+@@ -1543,7 +1543,7 @@ function utilities_view_snmp_cache() {
+ 			<?php print filter_value($item['name'], get_request_var('filter'));?>
+ 		</td>
+ 		<td>
+-			<?php print $item['snmp_index'];?>
++			<?php print html_escape($item['snmp_index']);?>
+ 		</td>
+ 		<td>
+ 			<?php print filter_value($item['field_name'], get_request_var('filter'));?>
+@@ -1837,7 +1837,7 @@ function utilities_view_poller_cache() {
+ 				</td>
+ 
+ 				<td>
+-					<?php print $item['description'];?>
++					<?php print html_escape($item['description']);?>
+ 				</td>
+ 
+ 				<td>
+@@ -1846,12 +1846,12 @@ function utilities_view_poller_cache() {
+ 					if ($item['snmp_version'] != 3) {
+ 						$details =
+ 							__('SNMP Version:') . ' ' . $item['snmp_version'] . ', ' .
+-							__('Community:') . ' ' . $item['snmp_community'] . ', ' .
++							__('Community:') . ' ' . html_escape($item['snmp_community']) . ', ' .
+ 							__('OID:') . ' ' . filter_value($item['arg1'], get_request_var('filter'));
+ 					} else {
+ 						$details =
+ 							__('SNMP Version:') . ' ' . $item['snmp_version'] . ', ' .
+-							__('User:') . ' ' . $item['snmp_username'] . ', ' . __('OID:') . ' ' . $item['arg1'];
++							__('User:') . ' ' . html_escape($item['snmp_username']) . ', ' . __('OID:') . ' ' . html_escape($item['arg1']);
+ 					}
+ 				} elseif ($item['action'] == 1) {
+ 						$details = __('Script:') . ' ' . filter_value($item['arg1'], get_request_var('filter'));
+@@ -1860,6 +1860,7 @@ function utilities_view_poller_cache() {
+ 				}
+ 
+ 				print $details;
++
+ 				?>
+ 				</td>
+ 			</tr>
+@@ -1869,7 +1870,7 @@ function utilities_view_poller_cache() {
+ 				<td colspan='2'>
+ 				</td>
+ 				<td>
+-					<?php print __('RRD:');?> <?php print $item['rrd_path'];?>
++					<?php print __('RRD:');?> <?php print html_escape($item['rrd_path']);?>
+ 				</td>
+ 			</tr>
+ 			<?php
+-- 
+2.20.1
+
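
Review bot: In utilities_view_poller_cache(), $item['snmp_version'] is still concatenated into $details without html_escape() in both branches, and arg1 in the non-v3 branch and in the Script: branch goes through filter_value() while the v3 branch now uses html_escape($item['arg1']). Since "print $details;" emits the string as built, it is worth confirming that filter_value() escapes its first argument; if it does not, those cells keep the same stored XSS exposure this patch closes for snmp_community. Two smaller points on the patch file itself: the diffstat still lists "CHANGELOG | 1 +" and "2 files changed" although only the utilities.php diff is present, and the header carries no Origin: or Bug-Debian: field tying it to upstream commit c373e66a6a224e221a1db037164144ce59b20736 and to #926700.
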
diff -Nru cacti-1.2.2+ds1/debian/patches/series cacti-1.2.2+ds1/debian/patches/series
--- cacti-1.2.2+ds1/debian/patches/series	2019-01-22 20:31:40.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/series	2019-04-09 20:38:14.000000000 +0200
@@ -2,3 +2,4 @@
 enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch
 perl-path.patch
 font-awesome-path.patch
+0001-Resolving-Issue-2581.patch

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message ---
Unblocked cacti.

--- End Message ---
