authorV3n3RiX <venerix@redcorelinux.org>2021-01-22 20:28:19 +0000
committerV3n3RiX <venerix@redcorelinux.org>2021-01-22 20:28:19 +0000
commitabaa75b10f899ada8dd05b23cc03205064394bc6 (patch)
treeeca3dd248b73b92013cba00a0fcc1edf2696e19a /net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
parent24fd814c326e282c4321965c31f341dad77e270d (diff)
gentoo resync : 22.01.2021
Diffstat (limited to 'net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch')
-rw-r--r--net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch b/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
new file mode 100644
index 000000000000..f55b7b0a40df
--- /dev/null
+++ b/net-analyzer/cacti/files/cacti-1.2.16-CVE-2020-35701.patch
@@ -0,0 +1,29 @@
+https://bugs.gentoo.org/765019
+https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
+
+From 565e0604a53f4988dc5b544d01f4a631eaa80d82 Mon Sep 17 00:00:00 2001
+From: TheWitness <thewitness@cacti.net>
+Date: Thu, 24 Dec 2020 10:39:50 -0500
+Subject: [PATCH] Fixing Issue #4022
+
+SQL Injection in data_debug.php
+--- a/data_debug.php
++++ b/data_debug.php
+@@ -35,6 +35,8 @@
+
+ set_default_action();
+
++validate_request_vars();
++
+ switch (get_request_var('action')) {
+ case 'actions':
+ form_actions();
+@@ -123,8 +125,6 @@
+
+ break;
+ default:
+- validate_request_vars();
+-
+ $refresh = array(
+ 'seconds' => get_request_var('refresh'),
+ 'page' => 'data_debug.php?header=false',
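Review bot: The relocated `validate_request_vars();` call in the first inner hunk of data_debug.php has no comment saying why it must precede the `switch`, and the removed lines show how easily it can end up scoped to a single branch again. Before this patch only the `default:` case ran the validation, so `case 'actions':` and any other branch dispatched on `get_request_var('action')` worked with unvalidated request variables, which is presumably the path behind the SQL injection named in the subject. I would add above the call something like `// Must run before the switch: every action, not only the default view, reads request variables (CVE-2020-35701).` It is also worth confirming that the filters set up inside validate_request_vars() cover each variable the non-default branches read, since that function and the rest of the switch body are outside these hunks.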