[Git][security-tracker-team/security-tracker][master] CVE-2020-7106/cacti: add followup patch

Hugo Lefeuvre hle at debian.org
Fri Jan 24 07:35:42 GMT 2020 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfb2cc04 by Hugo Lefeuvre at 2020-01-24T08:34:55+01:00
CVE-2020-7106/cacti: add followup patch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1775,6 +1775,7 @@ CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_i
 	NOTE: https://github.com/Cacti/cacti/issues/3191
 	NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
 	NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464
+	NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee
 CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
 	- hiredis <unfixed>
 	NOTE: https://github.com/redis/hiredis/issues/754


=====================================
data/dla-needed.txt
=====================================
@@ -11,10 +11,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 
 --
 cacti (Chris Lamb)
-  NOTE: CVE-2020-7106: one more followup fix is coming (currently PRed by
-  NOTE: @smutranchi), we should probably wait for the fix to stabilize &
-  NOTE: potential regression reports to come up before releasing a regression
-  NOTE: update (2020-01-23, hle)
 --
 clamav (Hugo Lefeuvre)
   NOTE: 20200111: waiting for 0.102.1 to enter stretch/buster.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfb2cc0469ff9bad20582185965a14beb711ff98

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bfb2cc0469ff9bad20582185965a14beb711ff98
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200124/ff98c0aa/attachment.html>

More information about the debian-security-tracker-commits mailing list