Your message dated Thu, 27 Jul 2017 15:33:59 +0000
with message-id <[email protected]>
and subject line Bug#869848: fixed in cacti 1.1.15+ds1-1
has caused the Debian Bug report #869848,
regarding cacti: CVE-2017-11691: Cross-site scripting vulnerability in
auth_profile.php
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
869848: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cacti
Version: 1.1.13+ds1-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://github.com/Cacti/cacti/issues/867
Hi
There is an XSS vulnerability in auth_profile.php which can be taken
advantage of by authenticated users:
Upstream issue: https://github.com/Cacti/cacti/issues/867
Upstream fix:
https://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c
A CVE has been requested.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 1.1.15+ds1-1
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Gevers <[email protected]> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 27 Jul 2017 10:40:05 -0400
Source: cacti
Binary: cacti
Architecture: source
Version: 1.1.15+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <[email protected]>
Changed-By: Paul Gevers <[email protected]>
Description:
 cacti - web interface for graphing of monitoring systems
Closes: 869848
Changes:
 cacti (1.1.15+ds1-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2017-11691 Cross-site scripting (XSS) vulnerability in
       auth_profile.php (Closes: #869848)
   * Lower the Depends on dbc to include ~ to ease backports
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---