[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)
Yves-Alexis Perez
corsac at debian.org
Sun Jan 20 17:15:30 UTC 2013
On dim., 2013-01-20 at 13:07 +0100, Salvatore Bonaccorso wrote:
> So I have verified the following things:
>
> - The debdiff contains only the mentioned change (debdiff attached).
>
> - The patch is applied to /usr/share/ganglia-webfrontend/graph.php in
> the produced binary package ganglia-webfrontend.
>
> - If I try to exploit the argument g= passed to graph.php on a
> squeeze with installed package it does not work anymore and in logs
> I correctly notice the Error output produced by the error_log. At
> least with the obvious exploit variant.
Can you upload to security-master? Remember to build with -sa.
Regards,
--
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-monitoring-maintainers/attachments/20130120/cff7622b/attachment.pgp>
More information about the Pkg-monitoring-maintainers
mailing list