[Pkg-cacti-maint] Bug#881110: cacti: CVE-2017-16641: arbitrary execution of os commands via path_rrdtool parameter in an action=save request

Paul Gevers elbrus at debian.org
Fri Nov 10 18:47:22 UTC 2017

Control: found 881110 0.8.8a+dfsg-5+deb7u10

On 07-11-17 22:17, Salvatore Bonaccorso wrote:
> Please adjust the affected versions in the BTS as needed, only did
> check unstable's version for now source-wise.

All versions in Debian are affected.

Unfortunately the upstream commit contains many unneeded changes to fix
the issue. Additionally, for pre-buster fixes, the code in settings.php
is seriously different.

