[Pkg-cacti-maint] Fwd: Re: Multiple vulnerabilities in Cacti 0.8.8a in Debian 7.1
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 8 19:27:17 UTC 2013
Hi Paul,
On Thu, Aug 08, 2013 at 08:55:49PM +0200, Paul Gevers wrote:
> On 08-08-13 11:56, Salvatore Bonaccorso wrote:
> > Assuming both packages were tested, could you please upload to
> > security-master? Please make sure to build the one targetting
> > wheezy-security with -sa to include to orig.tar.gz (as new to the
> > security.d.o archive).
>
> Just to be sure, a regression in 0.8.8b surfaced today on the cacti-user
> e-mail list [1] and Gandalf (one of the cacti maintainers) proposed a
> patch [2]. I think we should include the (final) patch in the update.
> What do you think?
>
> Paul
>
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
> [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262712
> and probably (I have not verified that this is indeed the same):
> http://svn.cacti.net/viewvc?view=rev&revision=7408
> http://svn.cacti.net/viewvc?view=rev&revision=7409
> http://svn.cacti.net/viewvc?view=rev&revision=7413
Yes I agree that the fix for the regression needs to be included. I
have replied to the oss-security list about the regression found.
Could you first apply the patches needed to unstable and give there a
wider basis for testing further regressions?
Thanks for your work on these isues,
Regards,
Salvatore
More information about the Pkg-cacti-maint
mailing list