Bug 1121194 - Update for CVE-2014-4002 broke add to tree
Summary: Update for CVE-2014-4002 broke add to tree
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: cacti
Version: el5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-18 15:29 UTC by Trevor Hemsley
Modified: 2019-02-15 13:43 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-08 16:42:27 UTC


Attachments (Terms of Use)

Description Trevor Hemsley 2014-07-18 15:29:25 UTC
Description of problem:
Since the update for CVE-2014-4002 0.8.8b-7 was applied, it is no longer possible to use Graph Management -> Add to Tree


Version-Release number of selected component (if applicable):
0.8.8b-7

How reproducible:
Always

Steps to Reproduce:
1. Login to cacti with admin ability
2. Go to Console -> Graph Management
3. Place check mark next to a graph you'd like to add to a tree and select "Place on a Tree (Default Tree)" (or any other you fancy) and click Go

Actual results:
 Validation error. 

Expected results:
Selection dialog asking which part of the tree to add it to

Additional info:
Only since the latest update which was to validate inputs more strictly. Looks like too strictly :-(

Comment 1 stein 2014-08-05 15:22:42 UTC
This is fixed with cacti svn revision 7458

http://svn.cacti.net/viewvc/cacti/branches/0.8.8/graphs.php?r1=7452&r2=7458

also see comment #6 in bug 1113035

Comment 3 Peng Yong 2014-09-01 08:03:34 UTC
svn co svn://svn.cacti.net/cacti/cacti/branches/0.8.8/ cacti-0.8.8/
cd  cacti-0.8.8/
svn diff -r 7457:7458 > /tmp/p.txt
cd /usr/share/cacti
patch -p0 < /tmp/p.txt

Comment 4 Ken Dreyer 2015-03-25 12:16:30 UTC
The package has been retired in Rawhide for a while. See http://forums.cacti.net/viewtopic.php?f=2&t=53607 and https://lists.fedoraproject.org/pipermail/devel/2014-October/203695.html

Today I've removed myself from the package in pkgdb.

Jon, please feel free to orphan or retire this package in EPEL.

Comment 5 Trevor Hemsley 2017-02-08 16:42:27 UTC
Since 0.8.8h-1.el7 in in EPEL7 and EPEL6, this is now fixed and can be closed.


Note You need to log in before you can comment on or make changes to this bug.