Your message dated Sat, 24 Apr 2010 18:02:11 +0000
with message-id <e1o5jgb-0007io...@ries.debian.org>
and subject line Bug#578909: fixed in cacti 0.8.7e-3
has caused the Debian Bug report #578909,
regarding SQL injection in templates_export
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
578909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cacti
Version: 0.8.7b-2
Severity: serious
Tags: security patch

Hi,

An SQL injection issue was published in Cacti:
http://seclists.org/fulldisclosure/2010/Apr/272
Both stable and testing/unstable are affected.

Upstream blessed patch is here:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch

CVE id not yet available.

Can you please apply it and upload to unstable with priority=high?


thanks,
Thijs



--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.7e-3

We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive:

cacti_0.8.7e-3.diff.gz
  to main/c/cacti/cacti_0.8.7e-3.diff.gz
cacti_0.8.7e-3.dsc
  to main/c/cacti/cacti_0.8.7e-3.dsc
cacti_0.8.7e-3_all.deb
  to main/c/cacti/cacti_0.8.7e-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 578...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Finney <sean...@debian.org> (supplier of updated cacti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 24 Apr 2010 17:54:20 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7e-3
Distribution: unstable
Urgency: high
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Sean Finney <sean...@debian.org>
Description: 
 cacti      - Frontend to rrdtool for monitoring systems and services
Closes: 578909
Changes: 
 cacti (0.8.7e-3) unstable; urgency=high
 .
   * Import upstream fix for SQL injection vulnerability (no CVE assigned yet)
      - thanks to Thijs Kinkhorst <th...@uvt.nl> (Closes: #578909).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFL0y3HynjLPm522B0RAtP8AJ0Zvg7aMFFwj4qchbt3qhUrzbm90gCeNREN
XjEcxwlaeHeXvWtEXKpLH5k=
=oVT2
-----END PGP SIGNATURE-----



--- End Message ---
