[Git][security-tracker-team/security-tracker][master] Track cacti fixes via unstable upload

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 25 21:07:21 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63e2c3bb by Salvatore Bonaccorso at 2023-12-25T22:06:46+01:00
Track cacti fixes via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -195,7 +195,7 @@ CVE-2023-51661 (Wasmer is a WebAssembly runtime that enables containers to run a
 CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation Platform  ...)
 	NOT-FOR-US: Nautobot
 CVE-2023-51448 (Cacti provides an operational monitoring and fault management framewor ...)
-	- cacti <unfixed>
+	- cacti 1.2.26+ds1-1
 	[bookworm] - cacti <not-affected> (Vulnerable code introduced later; Fix for CVE-2023-30534 not applied)
 	[bullseye] - cacti <not-affected> (Vulnerable code introduced later; Fix for CVE-2023-30534 not applied)
 	[buster] - cacti <not-affected> (Vulnerable code introduced later)
@@ -262,7 +262,7 @@ CVE-2023-50258 (Medusa is an automatic video library manager for TV shows. Versi
 CVE-2023-50254 (Deepin Linux's default document reader `deepin-reader` software suffer ...)
 	- deepin-reader <itp> (bug #970218)
 CVE-2023-50250 (Cacti is an open source operational monitoring and fault management fr ...)
-	- cacti <unfixed>
+	- cacti 1.2.26+ds1-1
 	[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
 	[buster] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
@@ -282,12 +282,12 @@ CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows a
 	NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md
 	NOTE: Likely the same and duplicate of CVE-2018-10777 and covered by the same fixes applied
 CVE-2023-49088 (Cacti is an open source operational monitoring and fault management fr ...)
-	- cacti <unfixed>
+	- cacti 1.2.26+ds1-1
 	NOTE: Caused by an incomplete fix for CVE-2023-39515
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h (CVE-2023-39515)
 CVE-2023-49085 (Cacti provides an operational monitoring and fault management framewor ...)
-	- cacti <unfixed>
+	- cacti 1.2.26+ds1-1
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
 CVE-2023-48704 (ClickHouse is an open-source column-oriented database management syste ...)
 	- clickhouse <unfixed> (bug #1059367)
@@ -395,11 +395,11 @@ CVE-2023-49678 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL In
 CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
 	NOT-FOR-US: Job Portal
 CVE-2023-49086 (Cacti is a robust performance and fault management framework and a fro ...)
-	- cacti <unfixed> (bug #1059254)
+	- cacti 1.2.26+ds1-1 (bug #1059254)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr
 	NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
 CVE-2023-49084 (Cacti is a robust performance and fault management framework and a fro ...)
-	- cacti <unfixed> (bug #1059254)
+	- cacti 1.2.26+ds1-1 (bug #1059254)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
 	NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
 CVE-2023-48723 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
@@ -10104,7 +10104,7 @@ CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1c
 CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...)
 	NOT-FOR-US: Contec SolarView Compact
 CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker  ...)
-	- cacti <unfixed> (bug #1059286)
+	- cacti 1.2.26+ds1-1 (bug #1059286)
 	[bookworm] - cacti <no-dsa> (Revisit when more details are available)
 	[bullseye] - cacti <no-dsa> (Revisit when more details are available)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e2c3bbd038d1fe0b77819ff0dd9bbb9f0938bb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e2c3bbd038d1fe0b77819ff0dd9bbb9f0938bb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/79f46e0c/attachment.htm>

More information about the debian-security-tracker-commits mailing list