> > rationale: template_id is sanitized at line 1048:
> > input_validate_input_number(get_request_var_request("template_id"));
> […]
> > Chris: you worked on cacti in jessie and triaged it not-affected. Jessie
> > has a similar version, does this match your findings?
>
> Ah yes; well-spotted. :)
Ack, same for stretch in the end. :)
BTW, there is a confusion in the jessie update, the changelog says it fixes
CVE-2019-17357 and the patch is called CVE-2019-17357.patch, but the
actual CVE being fixed is CVE-2019-17358, not CVE-2019-17357.
cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature
