Your message dated Fri, 09 Aug 2013 21:18:36 +0000
with message-id <[email protected]>
and subject line Bug#719156: fixed in cacti 0.8.8b+dfsg-2
has caused the Debian Bug report #719156,
regarding Regression in fixes for CVE-2013-1435
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
719156: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719156
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cacti
Version: 0.8.8b+dfsg-1
Severity: normal
Tags: patch upstream
There is a regression in the rrd fix for CVE-2013-1435 in 0.8.8b.
Upstream prepared a patch, see below.
-------- Original Message --------
Subject: Re: Fwd: Re: Multiple vulnerabilities in Cacti 0.8.8a in Debian 7.1
Date: Thu, 8 Aug 2013 21:27:17 +0200
On Thu, Aug 08, 2013 at 08:55:49PM +0200, Paul Gevers wrote:
> Just to be sure, a regression in 0.8.8b surfaced today on the cacti-user
> e-mail list [1] and Gandalf (one of the cacti maintainers) proposed a
> patch [2]. I think we should include the (final) patch in the update.
> What do you think?
>
> Paul
>
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
> [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262712
> and probably (I have not verified that this is indeed the same):
> http://svn.cacti.net/viewvc?view=rev&revision=7408
> http://svn.cacti.net/viewvc?view=rev&revision=7409
> http://svn.cacti.net/viewvc?view=rev&revision=7413
Yes I agree that the fix for the regression needs to be included. I
have replied to the oss-security list about the regression found.
Could you first apply the patches needed to unstable and give there a
wider basis for testing further regressions?
Thanks for your work on these issues,
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.8b+dfsg-2
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Gevers <[email protected]> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 09 Aug 2013 22:34:26 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.8b+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Cacti Maintainer <[email protected]>
Changed-By: Paul Gevers <[email protected]>
Description:
cacti - web interface for graphing of monitoring systems
Closes: 719156
Changes:
cacti (0.8.8b+dfsg-2) unstable; urgency=low
.
* CVE-2013-1435 fix caused a regression in the handling of empty COMMENT
lines in the rrd legend. Fixed by upstream:
fix_COMMENT_in_graph_regression_from_CVE-2013-1435.patch (Closes: #719156)
* Update jquery stylesheet to provide the cacti background color
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---