[Git][security-tracker-team/security-tracker][master] CVE-2020-35701/cacti: stretch not-affected

Thu Jan 14 14:44:53 GMT 2021


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8782f134 by Sylvain Beucler at 2021-01-14T15:44:10+01:00
CVE-2020-35701/cacti: stretch not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6635,8 +6635,10 @@ CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
 CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...)
 	- cacti <unfixed> (bug #979998)
+	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/issues/4022
 	NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/
+	NOTE: Introduced in https://github.com/Cacti/cacti/commit/6e1b8431b77efe55ba5115e35fe045e101dd619b (1.2.0)
 CVE-2020-35700
 	RESERVED
 CVE-2020-35699



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8782f134bddd0ca6992b261bd68ef72a91ee9071

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8782f134bddd0ca6992b261bd68ef72a91ee9071
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210114/d81dc2eb/attachment.html>
