Package: cacti
Version: 0.8.8b+dfsg-1
Severity: normal
Tags: patch upstream

There is a regression in the rrd fix for CVE-2013-1435 in 0.8.8b. Upstream prepared a patch, see below.

-------- Original Message --------
Subject: Re: Fwd: Re: Multiple vulnerabilities in Cacti 0.8.8a in Debian 7.1
Date: Thu, 8 Aug 2013 21:27:17 +0200

On Thu, Aug 08, 2013 at 08:55:49PM +0200, Paul Gevers wrote:
> Just to be sure, a regression in 0.8.8b surfaced today on the cacti-user
> e-mail list [1] and Gandalf (one of the cacti maintainers) proposed a
> patch [2]. I think we should include the (final) patch in the update.
> What do you think?
>
> Paul
>
> [1] http://sourceforge.net/mailarchive/message.php?msg_id=31262707
> [2] http://sourceforge.net/mailarchive/message.php?msg_id=31262712
> and probably (I have not verified that this is indeed the same):
> http://svn.cacti.net/viewvc?view=rev&revision=7408
> http://svn.cacti.net/viewvc?view=rev&revision=7409
> http://svn.cacti.net/viewvc?view=rev&revision=7413

Yes I agree that the fix for the regression needs to be included. I have replied to the oss-security list about the regression found.

Could you first apply the patches needed to unstable and give there a wider basis for testing further regressions?

Thanks for your work on these issues,

Regards,
Salvatore

