Re: CVE-2016-2313 fix wrong
On 28/07/16 14:59, Matus UHLAR - fantomas wrote:
>> On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
>>> i believe the fix for CVE-2016-2313 in
>>> CVE-2016-2313-authentication-bypass.patch is invalid.
>
> On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
>> Thanks for the report. I'll look at it later today.
>
> I have posted cacti bug http://bugs.cacti.net/view.php?id=2697
> and attached patch
> http://bugs.cacti.net/file_download.php?file_id=1229=bug
>
> that should fix the issue. The patch is to be applied to "fixed" version
> in debian

The patch looks sensible to me, but I'd like to give upstream a few days to comment.

BTW you may want to send a pull request at https://github.com/Cacti/cacti

Cheers,
Emilio

Re: CVE-2016-2313 fix wrong
> On 28/07/16 13:35, Matus UHLAR - fantomas wrote:
>> i believe the fix for CVE-2016-2313 in
>> CVE-2016-2313-authentication-bypass.patch is invalid.

On 28.07.16 14:26, Emilio Pozuelo Monfort wrote:
> Thanks for the report. I'll look at it later today.

I have posted cacti bug http://bugs.cacti.net/view.php?id=2697
and attached patch
http://bugs.cacti.net/file_download.php?file_id=1229=bug

that should fix the issue. The patch is to be applied to "fixed" version
in debian

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete