Your message dated Mon, 25 Dec 2023 20:49:36 +0000
with message-id <[email protected]>
and subject line Bug#1059286: fixed in cacti 1.2.26+ds1-1
has caused the Debian Bug report #1059286,
regarding cacti: CVE-2023-46490
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1059286: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cacti
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for cacti.

CVE-2023-46490[0]:
| SQL Injection vulnerability in Cacti v1.2.25 allows a remote
| attacker to obtain sensitive information via the form_actions()
| function in the managers.php function.

https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53

There's also a reference for
https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c
but it's non-public for two months now, might be worth checking with
upstream for the status.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46490
    https://www.cve.org/CVERecord?id=CVE-2023-46490

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 1.2.26+ds1-1
Done: Paul Gevers <[email protected]>

We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Gevers <[email protected]> (supplier of updated cacti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 24 Dec 2023 21:46:33 +0100
Source: cacti
Architecture: source
Version: 1.2.26+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <[email protected]>
Changed-By: Paul Gevers <[email protected]>
Closes: 1059254 1059286
Changes:
 cacti (1.2.26+ds1-1) unstable; urgency=medium
 .
   * postinst/postrm: ensure DEBHELPER content is always run
   * New upstream version 1.2.26+ds1
     Fixes the following vulnerabilities: CVE-2023-49084, CVE-2023-49085,
     CVE-2023-49086, CVE-2023-49088, CVE-2023-46490, CVE-2023-51448 and
     CVE-2023-50250 (Closes: #1059254, #1059286)
   * font-awesom-path.patch: refresh
   * Depends on node-dompurify and link purify.js instead of using upstream
     vendored version

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
