Control: tags -1 + confirmed On Thu, 2020-07-02 at 20:54 +0200, Paul Gevers wrote: > There have been several CVE reports against cacti since the last > security update. I have created a new package based on the upstream > patches that fix those issues. Unfortunately, upstream has a tendency > to regularly add a bit of fluff to those type of patches. In this > case, upstream has canonized the solution for html escaping. To avoid > making mistakes, I have left those canonizations in the patch, making > it slightly bigger than necessary for the pure fix, but I believe at > lower risk. > > The reason why I started this PU is however a different issue > (https://github.com/Cacti/cacti/issues/3245), where the graphs that > are produced by cacti can't be manipulated for dates after Sep 13 > 2020. >
Please go ahead. Regards, Adam