Release bump because Its friday and I'm stupid

CVE-2007-3112.patch

@@ -0,0 +1,29 @@
+--- branches/BRANCH_0_8_6/cacti/graph_image.php	2007/03/04 20:17:57	3898
++++ branches/BRANCH_0_8_6/cacti/graph_image.php	2007/06/04 06:41:13	3956
+@@ -49,22 +49,22 @@
+ $graph_data_array = array();
+ 
+ /* override: graph start time (unix time) */
+-if (!empty($_GET["graph_start"])) {
++if (!empty($_GET["graph_start"]) && $_GET["graph_start"] < 1600000000) {
+ 	$graph_data_array["graph_start"] = $_GET["graph_start"];
+ }
+ 
+ /* override: graph end time (unix time) */
+-if (!empty($_GET["graph_end"])) {
++if (!empty($_GET["graph_end"]) && $_GET["graph_end"] < 1600000000) {
+ 	$graph_data_array["graph_end"] = $_GET["graph_end"];
+ }
+ 
+ /* override: graph height (in pixels) */
+-if (!empty($_GET["graph_height"])) {
++if (!empty($_GET["graph_height"]) && $_GET["graph_height"] < 3000) {
+ 	$graph_data_array["graph_height"] = $_GET["graph_height"];
+ }
+ 
+ /* override: graph width (in pixels) */
+-if (!empty($_GET["graph_width"])) {
++if (!empty($_GET["graph_width"]) && $_GET["graph_width"] < 3000) {
+ 	$graph_data_array["graph_width"] = $_GET["graph_width"];
+ }
+ 

cacti.spec

@@ -1,6 +1,6 @@
 Name: cacti
 Version: 0.8.6j
-Release: 7%{?dist}
+Release: 8%{?dist}
 Summary: An rrd based graphing tool
 
 Group: Applications/System
@@ -105,7 +105,7 @@ fi
 %attr(0644,root,root) %{_localstatedir}/lib/%{name}/lib
 
 %changelog
-* Fri Sep 14 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.6j-7
+* Fri Sep 14 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.6j-8
 - Fix for CVE-2007-3112 bz#243592
 
 * Sat Sep 08 2007 Mike McGrath <mmcgrath@redhat.com> - 0.8.6j-6