[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)
carnil at debian.org
Sun Jan 20 17:50:01 UTC 2013
On Sun, Jan 20, 2013 at 06:15:30PM +0100, Yves-Alexis Perez wrote:
> On dim., 2013-01-20 at 13:07 +0100, Salvatore Bonaccorso wrote:
> > So I have verified the following things:
> > - The debdiff contains only the mentioned change (debdiff attached).
> > - The patch is applied to /usr/share/ganglia-webfrontend/graph.php in
> > the produced binary package ganglia-webfrontend.
> > - If I try to exploit the argument g= passed to graph.php on a
> > squeeze with installed package it does not work anymore and in logs
> > I correctly notice the Error output produced by the error_log. At
> > least with the obvious exploit variant.
> Can you upload to security-master? Remember to build with -sa.
And thanks for your work on the Security Team!
More information about the Pkg-monitoring-maintainers