Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a827e6d7 by Salvatore Bonaccorso at 2026-02-01T08:35:34+01:00
Update status for CVE-2025-45160/cacti
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -616,12 +616,13 @@ CVE-2025-63649 (An out-of-bounds read in the
http_parser_transfer_encoding_chunk
CVE-2025-62514 (Parsec is a cloud-based application for cryptographically
secure file ...)
NOT-FOR-US: Parsec
CVE-2025-45160 (A HTML injection vulnerability exists in the file upload
functionality ...)
- - cacti <unfixed>
- [trixie] - cacti <no-dsa> (Minor issue)
- [bookworm] - cacti <no-dsa> (Minor issue)
+ - cacti 1.2.27+ds1-1
+ [bookworm] - cacti 1.2.24+ds1-1+deb12u3
[bullseye] - cacti <postponed> (Minor issue, reflected XSS, no
JavaScript)
NOTE: https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
- TODO: check if reported upstream
+ NOTE: Upstream confirmed it is covered/fixed with same fixes for
CVE-2023-50250 and
+ NOTE: the followup CVE-2024-29894. Consider it as fixed with the update
including
+ NOTE: both updates.
CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request
forgery vul ...)
NOT-FOR-US: birkir prime
CVE-2025-15549 (FluentCMS 2026 contains a stored cross-site scripting
vulnerability th ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a827e6d7bb94f80bd0266fbfb79c5510fa387c90
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a827e6d7bb94f80bd0266fbfb79c5510fa387c90
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
