[Secure-testing-commits] r48831 - data/CVE

Paul Mathijs Gevers elbrus at moszumanska.debian.org
Fri Feb 10 08:45:23 UTC 2017


Author: elbrus
Date: 2017-02-10 08:45:23 +0000 (Fri, 10 Feb 2017)
New Revision: 48831

Modified:
   data/CVE/list
Log:
CVE: Tag cacti CVE-2014-4000 as fixed with the right version

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-10 08:12:43 UTC (rev 48830)
+++ data/CVE/list	2017-02-10 08:45:23 UTC (rev 48831)
@@ -86030,12 +86030,11 @@
 CVE-2014-4000 [PHP Object Injection Vulnerabilities]
 	RESERVED
 	- cacti 0.8.8e+ds1-1 (low)
-	[jessie] - cacti <unfixed>
-	[wheezy] - cacti <unfixed>
+	[jessie] - cacti 0.8.8b+dfsg-8+deb8u3
+	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u7
 	NOTE: http://www.cacti.net/release_notes_1_0_0.php
 	NOTE: http://bugs.cacti.net/view.php?id=2452 (not accessible: marked as security issue)
-	NOTE: Upstream responded to inquires and mentioned that the fix was already in 0.8.8h
-	NOTE: but just didn't make the changelog.
+	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
 	NOTE: This CVE was fixed by introduction of the function sanitize_unserialize_selected_items
 	NOTE: in version 0.8.8e and calling it instead of unserialize(stripslashes()).
 	NOTE: Affected files require authenticated users.
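
Review bot: The added [jessie] and [wheezy] lines name versions based on 0.8.8b and 0.8.8a, both older than 0.8.8e, where the remaining NOTE says sanitize_unserialize_selected_items was introduced, and nothing in the entry says these are backports. Consider adding a NOTE stating that the stable uploads carry a backport of the fix (pointing at the svn revision linked in the new NOTE, if that is the change that was backported), so a later reader does not take the version numbers for a mistake. The log message also does not mention that the two NOTE lines about upstream's 0.8.8h statement are dropped in favour of the svn link; a short reason for removing that statement would help.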



