[Git][security-tracker-team/security-tracker][master] 2 commits: Add a reference to upstream commit in CVE-2020-7107 for cacti.
Chris Lamb
lamby at debian.org
Fri Jan 17 09:21:46 GMT 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bde742a by Chris Lamb at 2020-01-17T09:19:50+00:00
Add a reference to upstream commit in CVE-2020-7107 for cacti.
- - - - -
4ff62e1d by Chris Lamb at 2020-01-17T09:21:34+00:00
data/dla-needed.txt: Triage and claim cacti for jessie LTS (in dsa-needed and I performed the last two updates)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -219,6 +219,7 @@ CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS vi
CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/issues/3191
+ NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
- hiredis <unfixed>
NOTE: https://github.com/redis/hiredis/issues/747
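Review bot: the added NOTE with the upstream commit URL sits under the CVE-2020-7106 entry (Cacti 1.2.8 stored XSS), while the commit subject names CVE-2020-7107, which this file lists as the Ultimate FAQ plugin for WordPress. The placement in data/CVE/list is the right one for cacti, so the mismatch is confined to the commit message. Anyone searching the history by CVE id will miss this change, so it is worth naming CVE-2020-7106 explicitly in the next cacti-related commit message.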
=====================================
data/dla-needed.txt
=====================================
@@ -15,6 +15,8 @@ ansible
NOTE: CVE-2019-14846 should be an easy fix.
NOTE: CVE-2019-14858's upstream patch is too big; fails to work properly. (utkarsh2102)
--
+cacti (Chris Lamb)
+--
clamav (Hugo Lefeuvre)
NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.
NOTE: 0.102.* introduces a fair amount of ABI changes, and the migration
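Review bot: the new "cacti (Chris Lamb)" entry carries no NOTE line, so the reason for the claim given in the commit message (cacti is in dsa-needed, and the claimant performed the last two updates) is not recorded in data/dla-needed.txt itself. The neighbouring entries show the convention, for example the dated "NOTE: 20200111: ..." under clamav. A dated NOTE naming the CVE(s) being handled would let readers of the file see the scope and status of the claim without consulting the git log.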
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/34c0451dca1dd5e9e71522a9fb3a159bad582d6e...4ff62e1dc7c203c137155826c067aea1551e221e