Bug#947374: cacti: CVE-2019-17357: does not seem to affect stretch

2019-12-30 Thread Hugo Lefeuvre
> > rationale: template_id is sanitized at line 1048:
> > input_validate_input_number(get_request_var_request("template_id"));
> […]
> > Chris: you worked on cacti in jessie and triaged it not-affected. Jessie
> > has a similar version, does this match your findings?
>
> Ah yes; well-spotted. :)

Bug#947374: cacti: CVE-2019-17357: does not seem to affect stretch

2019-12-29 Thread Chris Lamb
Hi Hugo,

> rationale: template_id is sanitized at line 1048:
> input_validate_input_number(get_request_var_request("template_id"));
[…]
> Chris: you worked on cacti in jessie and triaged it not-affected. Jessie
> has a similar version, does this match your findings?

Ah yes; well-spotted. :)

Bug#947374: cacti: CVE-2019-17357: does not seem to affect stretch

2019-12-29 Thread Hugo Lefeuvre
Hi,

after taking a look at the source code, this vulnerability does not seem to affect cacti 0.8.8h+ds1-10 (stretch).

rationale: template_id is sanitized at line 1048:

input_validate_input_number(get_request_var_request("template_id"));

This check was replaced over time and gradually

Bug#947374: cacti: CVE-2019-17357

2019-12-25 Thread Salvatore Bonaccorso
Source: cacti
Version: 1.2.7+ds1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Cacti/cacti/issues/3025

Hi,

The following vulnerability was published for cacti.

CVE-2019-17357[0]:
| When viewing graphs, some input variables are not properly checked (SQL
| injection