[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-54146/cacti: patch doesn't seem to work, link report, consider marking sid unfixed
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Fri Feb 7 19:50:57 GMT 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9284575c by Sylvain Beucler at 2025-02-07T20:50:45+01:00
CVE-2024-54146/cacti: patch doesn't seem to work, link report, consider marking sid unfixed
- - - - -
625d81fa by Sylvain Beucler at 2025-02-07T20:50:47+01:00
CVE-2025-24368/cacti: drop proposed follow-up, frontend fix optional
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2590,8 +2590,8 @@ CVE-2025-24368 (Cacti is an open source performance and fault management framewo
NOTE: Backend fixed by: https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e (release/1.2.27)
NOTE: Frontend fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 (release/1.2.29)
NOTE: Frontend follow-up #1: https://github.com/Cacti/cacti/commit/94526a92b96c01848748602977819cd403932f0a (1.2.x)
- NOTE: Possible follow-up #2: https://github.com/Cacti/cacti/pull/6094
- NOTE: Regression: https://github.com/Cacti/cacti/issues/6090
+ NOTE: Frontend regression: https://github.com/Cacti/cacti/issues/6090
+ NOTE: Frontend fix optional: https://github.com/Cacti/cacti/pull/6094#issuecomment-2643321503
CVE-2025-24367 (Cacti is an open source performance and fault management framework. An ...)
- cacti 1.2.28+ds1-4 (bug #1094574)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq
@@ -2715,8 +2715,9 @@ CVE-2024-54146 (Cacti is an open source performance and fault management framewo
[bookworm] - cacti <not-affected> (Vulnerable code introduced later)
[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj
- NOTE: Fixed by: https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
+ NOTE: Proposed fix: https://github.com/Cacti/cacti/pull/6096
NOTE: Introduced by: https://github.com/Cacti/cacti/commit/645775c1f323fc523bc18954f18a3c144a42956a (release/1.2.27)
+ NOTE: Not actually fixed in 1.2.29 / c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
CVE-2024-54145 (Cacti is an open source performance and fault management framework. Ca ...)
- cacti 1.2.28+ds1-4 (bug #1094574)
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/12336b0b5797a7279e0614292bd2d0328a82b1cd...625d81fadacfbb284f6a29bff79269eba8b1d9ab
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/12336b0b5797a7279e0614292bd2d0328a82b1cd...625d81fadacfbb284f6a29bff79269eba8b1d9ab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250207/4a158a89/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list