Just for the record, I haven't yet uploaded a new unstable version, mostly because I was waiting for upstream to roll out a fix for the 0.8.7f release, which apparently contained a number of regressions. If I don't see any movement on that by the end of the weekend I'll go ahead and look at applying the patch against unstable/0.8.7e.

sean

On Thu, Jun 10, 2010 at 05:42:52PM +0200, Nico Golde wrote:
> Hi,
> attached is a patch for CVE-2010-2092.
> Cheers
> Nico
> --- graph.php 2009-06-28 18:07:11.000000000 +0200 > +++ graph.php.new 2010-06-10 17:41:07.000000000 +0200 > @@ -33,7 +33,7 @@ > include_once("./include/top_graph_header.php"); > > /* ================= input validation ================= */ > -input_validate_input_regex(get_request_var_request("rra_id"), > "^([0-9]+|all)$"); > +input_validate_input_regex(get_request_var("rra_id"), "^([0-9]+|all)$"); > input_validate_input_number(get_request_var("local_graph_id")); > input_validate_input_regex(get_request_var_request("view_type"), > "^([a-zA-Z0-9]+)$"); > /* ==================================================== */ --
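
Review bot: the view_type check in the trailing context still validates get_request_var_request("view_type") while the changed rra_id line now validates get_request_var("rra_id"), so this validation block reads its parameters through two different accessors and nothing in the patch says why. Validation only helps if it inspects the same value the rest of graph.php later uses, so please confirm that every later read of rra_id goes through the accessor validated here, and add a one-line comment above the changed call naming the request source it is meant to cover. If view_type is consumed the same way as rra_id, it should get the same treatment in this patch.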