[Git][security-tracker-team/security-tracker][master] 2 commits: Add a reference to upstream commit in CVE-2020-7107 for cacti.

Chris Lamb lamby at debian.org
Fri Jan 17 09:21:46 GMT 2020 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3bde742a by Chris Lamb at 2020-01-17T09:19:50+00:00
Add a reference to upstream commit in CVE-2020-7107 for cacti.

- - - - -
4ff62e1d by Chris Lamb at 2020-01-17T09:21:34+00:00
data/dla-needed.txt: Triage and claim cacti for jessie LTS (in dsa-needed and I performed the last two updates)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -219,6 +219,7 @@ CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS vi
 CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
 	- cacti <unfixed>
 	NOTE: https://github.com/Cacti/cacti/issues/3191
+	NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
 CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
 	- hiredis <unfixed>
 	NOTE: https://github.com/redis/hiredis/issues/747


=====================================
data/dla-needed.txt
=====================================
@@ -15,6 +15,8 @@ ansible
   NOTE: CVE-2019-14846 should be an easy fix.
   NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
 --
+cacti (Chris Lamb)
+--
 clamav (Hugo Lefeuvre)
   NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
   NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/34c0451dca1dd5e9e71522a9fb3a159bad582d6e...4ff62e1dc7c203c137155826c067aea1551e221e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/34c0451dca1dd5e9e71522a9fb3a159bad582d6e...4ff62e1dc7c203c137155826c067aea1551e221e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200117/d1fbc113/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list