Your message dated Sat, 24 Apr 2010 18:02:11 +0000 with message-id <e1o5jgb-0007io...@ries.debian.org> and subject line Bug#578909: fixed in cacti 0.8.7e-3 has caused the Debian Bug report #578909, regarding SQL injection in templates_export to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 578909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: cacti Version: 0.8.7b-2 Severity: serious Tags: security patch Hi, An SQL injection issue was published in Cacti: http://seclists.org/fulldisclosure/2010/Apr/272 Both stable and testing/unstable are affected. Upstream blessed patch is here: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch CVE id not yet available. Can you please apply it and upload to unstable with priority=high? thanks, Thijssignature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---Source: cacti Source-Version: 0.8.7e-3 We believe that the bug you reported is fixed in the latest version of cacti, which is due to be installed in the Debian FTP archive: cacti_0.8.7e-3.diff.gz to main/c/cacti/cacti_0.8.7e-3.diff.gz cacti_0.8.7e-3.dsc to main/c/cacti/cacti_0.8.7e-3.dsc cacti_0.8.7e-3_all.deb to main/c/cacti/cacti_0.8.7e-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 578...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sean Finney <sean...@debian.org> (supplier of updated cacti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 24 Apr 2010 17:54:20 +0200 Source: cacti Binary: cacti Architecture: source all Version: 0.8.7e-3 Distribution: unstable Urgency: high Maintainer: Sean Finney <sean...@debian.org> Changed-By: Sean Finney <sean...@debian.org> Description: cacti - Frontend to rrdtool for monitoring systems and services Closes: 578909 Changes: cacti (0.8.7e-3) unstable; urgency=high . * Import upstream fix for SQL injection vulnerability (no CVE assigned yet) - thanks to Thijs Kinkhorst <th...@uvt.nl> (Closes: #578909). Checksums-Sha1: 587a00b63bf43569d395cae2f89ba68b44565da9 1105 cacti_0.8.7e-3.dsc cbbf92a696e5840f1d250b6fbd3c9507ec333ef4 43070 cacti_0.8.7e-3.diff.gz f32921330007b7b3056aab33991729f30bc78aac 2090786 cacti_0.8.7e-3_all.deb Checksums-Sha256: 0e57455f338634e049e1181d25aaaa04eda44408b43c49639d48430275b0b07e 1105 cacti_0.8.7e-3.dsc 1cc97a6a7769341c5df3d828934f86345beefedfe18a6bdb0df273a473cc0c78 43070 cacti_0.8.7e-3.diff.gz ca0914488a2375b0eb1e1bb78a67d793192c78cbfc29a1d5a5d32e6925da511c 2090786 cacti_0.8.7e-3_all.deb Files: 469fad8cd95a2dceb227ede5c2193367 1105 web extra cacti_0.8.7e-3.dsc 4da387774e1e301bcae20f5e0a9e33a4 43070 web extra cacti_0.8.7e-3.diff.gz b742fc29018e301ecb52de84853077f4 2090786 web extra cacti_0.8.7e-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFL0y3HynjLPm522B0RAtP8AJ0Zvg7aMFFwj4qchbt3qhUrzbm90gCeNREN XjEcxwlaeHeXvWtEXKpLH5k= =oVT2 -----END PGP SIGNATURE-----
--- End Message ---