[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-54146

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d025efea by Salvatore Bonaccorso at 2025-02-08T09:33:53+01:00
Update status for CVE-2024-54146

I have put a question for upstream in
https://github.com/Cacti/cacti/pull/6096#issuecomment-2644723767 to
understand if this is considered a separate issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2923,13 +2923,15 @@ CVE-2024-55228 (A cross-site scripting (XSS) vulnerability in the Product module
 CVE-2024-55227 (A cross-site scripting (XSS) vulnerability in the Events/Agenda module ...)
 	- dolibarr <removed>
 CVE-2024-54146 (Cacti is an open source performance and fault management framework. Ca ...)
-	- cacti 1.2.28+ds1-4 (bug #1094574)
+	- cacti <unfixed>
 	[bookworm] - cacti <not-affected> (Vulnerable code introduced later)
 	[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vj9g-p7f2-4wqj
-	NOTE: Proposed fix: https://github.com/Cacti/cacti/pull/6096
 	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/645775c1f323fc523bc18954f18a3c144a42956a (release/1.2.27)
-	NOTE: Not actually fixed in 1.2.29 / c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
+	NOTE: Not actually fixed in 1.2.29 for GHSA-vj9g-p7f2-4wqj with original fix:
+	NOTE: https://github.com/Cacti/cacti/commit/ c7e4ee798d263a3209ae6e7ba182c7b65284d8f0
+	NOTE: Proposed fix: https://github.com/Cacti/cacti/pull/6096
+	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51
 CVE-2024-54145 (Cacti is an open source performance and fault management framework. Ca ...)
 	- cacti 1.2.28+ds1-4 (bug #1094574)
 	NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d025efea823ab81ae069e768b52d8baf41343e88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d025efea823ab81ae069e768b52d8baf41343e88
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250208/50070120/attachment.htm>