[Pkg-cacti-maint] Bug#941036: cacti: CVE-2019-16723
Paul Gevers
elbrus at debian.org
Tue Sep 24 19:43:46 BST 2019
Hi,
On 24-09-2019 05:58, Salvatore Bonaccorso wrote:
> Hi Paul,
>
> On Mon, Sep 23, 2019 at 10:28:31PM +0200, Paul Gevers wrote:
>> Hi Salvatore,
>>
>> Thanks for your report.
>>
>> On 23-09-2019 22:20, Salvatore Bonaccorso wrote:
>>> The following vulnerability was published for cacti, filling for
>>> tracking the upstream issue. At time of writing, I think there was not
>>> a patch upstream yet.
>>
>> I think there is:
>> https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264
>>
>> It mentioned the wrong issue, as documented here:
>> https://github.com/Cacti/cacti/commit/de3833b0414383efc9e075dd13c95925e2ca504c
>
> "Ack", thank you!
>
> Regards,
> Salvatore
>
While trying to figure out if old-stable is affected, I noticed this is
part of the fix:
https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-cacti-maint/attachments/20190924/27719e0b/attachment.sig>
More information about the Pkg-cacti-maint
mailing list