[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-23225/cacti

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41adfe6f by Salvatore Bonaccorso at 2022-01-25T21:45:50+01:00
Update status for CVE-2021-23225/cacti

While the MITRE entries are not too much transparent, the CVE is
assigned by the Red Hat CNA. Red Hat refers for CVE-2021-23225 to
https://github.com/Cacti/cacti/issues/1882 which covers a set of issues.

Track CVE-2021-23225 with respect to the upstream issue #1882 and so
mark it as fixed with the first unstable upload after the 1.2.0 upstream
version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18118,11 +18118,8 @@ CVE-2021-3892
 CVE-2021-26247 (As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ...)
 	TODO: check
 CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
-	- cacti <unfixed>
-	TODO: check if these are the correct commits
-	NOTE: https://github.com/Cacti/cacti/commit/6a945c4b4713f80d4fc63369bd5451574ebdec42
-	NOTE: https://github.com/Cacti/cacti/commit/1b9620cc0492ea6f12f63f05c94fff255da8524b
-	NOTE: https://www.cacti.net/info/changelog
+	- cacti 1.2.1+ds1-1
+	NOTE: https://github.com/Cacti/cacti/issues/1882
 CVE-2022-0005
 	RESERVED
 CVE-2022-0004



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41adfe6ff5a19ed59d252deb1cd8a5557d0b4c3a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41adfe6ff5a19ed59d252deb1cd8a5557d0b4c3a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220125/e9e131f3/attachment-0001.htm>