[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add three new cacti CVEs
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 12 19:31:25 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
816700f8 by Salvatore Bonaccorso at 2018-04-12T20:27:55+02:00
Add three new cacti CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,12 @@
+CVE-2018-10061 [XSS because making certain htmlspecialchars calls without the ENT_QUOTES flag]
+ - cacti 1.1.37+ds1-1
+ NOTE: https://github.com/Cacti/cacti/issues/1457
+CVE-2018-10060 [XSS related issue to use of the sanitize_uri function in lib/functions.php]
+ - cacti 1.1.37+ds1-1
+ NOTE: https://github.com/Cacti/cacti/issues/1457
+CVE-2018-10059 [XSS related issue in get_current_page]
+ - cacti 1.1.37+ds1-1
+ NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10058
RESERVED
CVE-2018-10057
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/816700f87beddb305195b9dbff1d0ce3b9047b9c
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/816700f87beddb305195b9dbff1d0ce3b9047b9c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180412/9b6682d5/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list