Bug#652371: [CVE-2011-4824] SQL injection issue in auth_login.php
tags 652371 patch
thanks

On Sat, Dec 17, 2011 at 3:07 AM, Florian Weimer f...@deneb.enyo.de wrote:
> Package: cacti
> Version: 0.8.7g-1
> Tags: security upstream fixed-upstream
> Severity: grave
>
> Several vulnerabilities have been disclosed in cacti:
>
> | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
> | allows remote attackers to execute arbitrary SQL commands via the
> | login_username parameter.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4824
>
> The upstream announcement also mentions Cross-site scripting issues:
>
> http://www.cacti.net/release_notes_0_8_7h.php
>
> Would you please fixed packages for lenny and squeeze and send a source
> debdiff to the security team?

Attached debdiff to fix CVE-2011-4824 in squeeze; for lenny I am still waiting for my friend Paul from pkg-cacti.

cacti_0.8.7g-1squeeze1.dsc.debdiff
Description: Binary data

Bug#652371: [CVE-2011-4824] SQL injection issue in auth_login.php
Package: cacti
Version: 0.8.7g-1
Tags: security upstream fixed-upstream
Severity: grave

Several vulnerabilities have been disclosed in cacti:

| SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
| allows remote attackers to execute arbitrary SQL commands via the
| login_username parameter.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4824

The upstream announcement also mentions Cross-site scripting issues:

http://www.cacti.net/release_notes_0_8_7h.php

Would you please fixed packages for lenny and squeeze and send a source
debdiff to the security team?