Your message dated Thu, 14 Apr 2022 09:03:55 +0000
with message-id <[email protected]>
and subject line Bug#1008693: fixed in cacti 1.2.20+ds1-1
has caused the Debian Bug report #1008693,
regarding cacti: CVE-2022-0730
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1008693: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: cacti
Version: 1.2.19+ds1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/Cacti/cacti/issues/4562
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for cacti.
CVE-2022-0730[0]:
| Under certain ldap conditions, Cacti authentication can be bypassed
| with certain credential types.
It will be fixed in 1.2.20 presumably according to the available
information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
[1] https://github.com/Cacti/cacti/issues/4562
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 1.2.20+ds1-1
Done: Paul Gevers <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Gevers <[email protected]> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 Apr 2022 10:16:39 +0200
Source: cacti
Architecture: source
Version: 1.2.20+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Cacti Maintainer <[email protected]>
Changed-By: Paul Gevers <[email protected]>
Closes: 913385 1008693
Changes:
 cacti (1.2.20+ds1-1) unstable; urgency=medium
 .
   * New upstream version 1.2.20+ds1
     CVE-2022-0730: Under certain ldap conditions, Cacti authentication can
     be bypassed with certain credential types. (Closes: #1008693)
   * d/copyright: update
   * strip away and replace some of the new midwinter theme like we do for
     other themes
   * Refresh patches and drop those that are part of 1.2.20
   * cacti.links: drop dejavu links as cacti now finds system fonts by
     itself
   * Replace dependency on libjs-d3 by node-d3 (Closes: #913385)
   * Replace broken package (Upstream bug: #4685)
   * Fix multiple issues with new cli scripts (detected by test suite
     failure)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---