> For the list of issues, see: > http://security-tracker.debian.org/tracker/source-package/cacti > under "Open unimportant issues" (it's a bug that they're listed there, > only the first issue is actually unimportant and may be ignored for lenny) > > Are you in a position to check each of these and provide a package for > lenny that includes fixes for all issues where a fix is needed?
It took more time than expected because the back porting was extensive and much manual labor, but I think that I have the necessary patches now. What is the most appropriate way forward? Is there anybody that can have a thorough look at the patches that I made? (Should I just add them to bug 624516 again?) I did not find all the changes in the upstream commits in our source, because several files have grown upstream. With respect to CVE-2010-2544, I did not find the relevant code at all in Lenny. @Sean, if you give me access to the cacti git on Alioth I can commit my changes. I did request membership several days/weeks ago, but have not seen any response. Paul
signature.asc
Description: OpenPGP digital signature
