[Pkg-cacti-maint] Bug#719156: Regression in fixes for CVE-2013-1435

Paul Gevers elbrus at debian.org
Thu Aug 8 20:02:18 UTC 2013


Package: cacti
Version: 0.8.8b+dfsg-1
Severity: normal
Tags: patch upstream

There is a regression in the rrd fix for CVE-2013-1435 in 0.8.8b.
Upstream prepared a patch, see below.

-------- Original Message --------
Subject: Re: Fwd: Re: Multiple vulnerabilities in Cacti 0.8.8a in Debian 7.1
Date: Thu, 8 Aug 2013 21:27:17 +0200

On Thu, Aug 08, 2013 at 08:55:49PM +0200, Paul Gevers wrote:
> Just to be sure, a regression in 0.8.8b surfaced today on the cacti-user
> e-mail list [1] and Gandalf (one of the cacti maintainers) proposed a
> patch [2]. I think we should include the (final) patch in the update.
> What do you think?
> 
> Paul
> 
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
> [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262712
>     and probably (I have not verified that this is indeed the same):
>     http://svn.cacti.net/viewvc?view=rev&revision=7408
>     http://svn.cacti.net/viewvc?view=rev&revision=7409
>     http://svn.cacti.net/viewvc?view=rev&revision=7413

Yes I agree that the fix for the regression needs to be included. I
have replied to the oss-security list about the regression found.

Could you first apply the patches needed to unstable and give there a
wider basis for testing further regressions?

Thanks for your work on these issues,

Regards,
Salvatore
