Package: cacti
Severity: grave
Tags: security

Hi Sean

the following CVE (Common Vulnerabilities & Exposures) id was
published for cacti.

CVE-2009-4112[0]:
| Cacti 0.8.7e and earlier allows remote authenticated administrators to
| gain privileges by modifying the "Data Input Method" for the "Linux -
| Get Memory Usage" setting to contain arbitrary commands.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

As discussed with upstream, please make sure that there is a whitelist
policy in place for squeeze.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112
    http://security-tracker.debian.org/tracker/CVE-2009-4112


