[Pkg-cacti-maint] Bug#1095721: cacti: Incomplete fix for CVE-2024-54146

Salvatore Bonaccorso carnil at debian.org
Wed Feb 12 06:37:29 GMT 2025


Control: retitle -1 cacti: CVE-2025-26520 (Incomplete fix for CVE-2024-54146)

On Tue, Feb 11, 2025 at 08:41:30AM +0100, Salvatore Bonaccorso wrote:
> Source: cacti
> Version: 1.2.28+ds1-4
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/Cacti/cacti/pull/6096
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
> 
> Hi
> 
> As reported by Sylvain, the fix for CVE-2024-54146 was incomplete.
> 
> https://github.com/Cacti/cacti/pull/6096
> https://github.com/Cacti/cacti/commit/7fa60c03ad4a69c701ac6b77c85a8927df7acd51

This has a separate CVE, CVE-2025-26520.

Regards,
Salvatore


