[Secure-testing-commits] r39863 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Feb 23 20:28:50 UTC 2016
Author: carnil
Date: 2016-02-23 20:28:50 +0000 (Tue, 23 Feb 2016)
New Revision: 39863
Modified:
data/CVE/list
Log:
Mark CVE-2016-2313/cacti as no-dsa
Unstable version will get the fix at one point unless upstream decided
to revert the change. The fix is disputed to be correct and might cause
more harm for existing setups or regressions. See comments from
maintainer in upstream bugtracker.
Thus mark this as no-dsa for wheezy and jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-23 20:26:55 UTC (rev 39862)
+++ data/CVE/list 2016-02-23 20:28:50 UTC (rev 39863)
@@ -777,6 +777,8 @@
CVE-2016-2313 [Authentication using web authentication as a user not in the cacti database allows complete access]
RESERVED
- cacti <unfixed> (bug #814353)
+ [jessie] - cacti <no-dsa> (Might cause regressions for some setups, to risky, not fully right approach; disputed)
+ [wheezy] - cacti <no-dsa> (Might cause regressions for some setups, to risky, not fully right approach; disputed)
NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
NOTE: http://bugs.cacti.net/view.php?id=2656
NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
More information about the Secure-testing-commits
mailing list