Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1ff79ebb by Sylvain Beucler at 2023-12-23T11:41:03+01:00 CVE-2023-39360/cacti: buster vulnerable Partially reverts c2cd83ada63557101b824353810914de3f0106b0 - - - - - c9c83c7f by Sylvain Beucler at 2023-12-23T11:41:50+01:00 CVE-2023-39360/cacti: clarify links - - - - - 2 changed files: - data/CVE/list - + data/CVE/list.orig Changes: ===================================== data/CVE/list ===================================== @@ -18695,11 +18695,10 @@ CVE-2023-39360 (Cacti is an open source operational monitoring and fault managem - cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti <not-affected> (Vulnerable code not present) - [buster] - cacti <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4 - NOTE: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 (release/1.2.25) - NOTE: https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa (release/1.2.25) - NOTE: Introduced by: https://github.com/cacti/cacti/commit/bf292d5d57c2afa108f65198074cd82a40c13fd3 (release/1.2.17) + NOTE: Initial fix: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 (release/1.2.25) + NOTE: Final fix: https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa (release/1.2.25) + NOTE: Attack is usually blocked by browser CORS/CSP policies. CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...) {DSA-5550-1} - cacti 1.2.25+ds1-1 ===================================== data/CVE/list.orig ===================================== The diff for this file was not included because it is too large. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/700ff44c5c12cbb4024757854242d4e86b400bb3...c9c83c7fbdbab5c0692f5685c00276615bee1af7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/700ff44c5c12cbb4024757854242d4e86b400bb3...c9c83c7fbdbab5c0692f5685c00276615bee1af7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits