[Pkg-cacti-maint] Bug#719156: Regression in fixes for CVE-2013-1435
Paul Gevers
elbrus at debian.org
Thu Aug 8 20:02:18 UTC 2013
Package: cacti
Version: 0.8.8b+dfsg-1
Severity: normal
Tags: patch upstream
There is a regression in the rrd fix for CVE-2013-1435 in 0.8.8b.
Upstream prepared a patch, see below.
-------- Original Message --------
Subject: Re: Fwd: Re: Multiple vulnerabilities in Cacti 0.8.8a in Debian 7.1
Date: Thu, 8 Aug 2013 21:27:17 +0200
On Thu, Aug 08, 2013 at 08:55:49PM +0200, Paul Gevers wrote:
> Just to be sure, a regression in 0.8.8b surfaced today on the cacti-user
> e-mail list [1] and Gandalf (one of the cacti maintainers) proposed a
> patch [2]. I think we should include the (final) patch in the update.
> What do you think?
>
> Paul
>
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
> [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262712
> and probably (I have not verified that this is indeed the same):
> http://svn.cacti.net/viewvc?view=rev&revision=7408
> http://svn.cacti.net/viewvc?view=rev&revision=7409
> http://svn.cacti.net/viewvc?view=rev&revision=7413
Yes I agree that the fix for the regression needs to be included. I
have replied to the oss-security list about the regression found.
Could you first apply the patches needed to unstable and give there a
wider basis for testing further regressions?
Thanks for your work on these isues,
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cacti-maint/attachments/20130808/e76ea2d0/attachment.sig>
More information about the Pkg-cacti-maint
mailing list