I have attached a debdiff for Dapper based on Stephan's work. I ran the exploit script to verify, and while the exploit does not succeed, the query simply fails that it attempts. If anyone else has cacti setup and would like to test this patch I'd appreciate it.
** Attachment added: "dapper_cacti_0.8.6h-1ubuntu3.4.debdiff" http://launchpadlibrarian.net/22563785/dapper_cacti_0.8.6h-1ubuntu3.4.debdiff -- [CVE-2007-6035] cacti has a sql injection vulnerability https://bugs.launchpad.net/bugs/164072 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
