[Pkg-cacti-maint] Bug#941036: cacti: CVE-2019-16723
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 24 19:55:54 BST 2019
Hi,
On Tue, Sep 24, 2019 at 08:43:46PM +0200, Paul Gevers wrote:
> Hi,
>
> On 24-09-2019 05:58, Salvatore Bonaccorso wrote:
> > Hi Paul,
> >
> > On Mon, Sep 23, 2019 at 10:28:31PM +0200, Paul Gevers wrote:
> >> Hi Salvatore,
> >>
> >> Thanks for your report.
> >>
> >> On 23-09-2019 22:20, Salvatore Bonaccorso wrote:
> >>> The following vulnerability was published for cacti, filling for
> >>> tracking the upstream issue. At time of writing, I think there was not
> >>> a patch upstream yet.
> >>
> >> I think there is:
> >> https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264
> >>
> >> It mentioned the wrong issue, as documented here:
> >> https://github.com/Cacti/cacti/commit/de3833b0414383efc9e075dd13c95925e2ca504c
> >
> > "Ack", thank you!
> >
> > Regards,
> > Salvatore
> >
>
> While trying to figure out if old-stable is affected, I noticed this is
> part of the fix:
> https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2
Added this as well as further reference for the CVE!
Regards,
Salvatore
More information about the Pkg-cacti-maint
mailing list