Re: Cacti vulnerable?
On 08/28/13 09:49, Andrea Venturoli wrote: > ... Is the version in our port tree safe? I'll reply to myself... I just want to thanks everyone who helped fixing this security problem in less than two days!!! Way to go, guys. bye av. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Cacti vulnerable? / vuxml update
Hi! > > In ports we have Cacti 0.8.8a. > > According to 0.8.8b release notes > > (http://www.cacti.net/release_notes_0_8_8b.php), "multiple ... SQL > > injection vulnerabilities" were fixed in that release. > > Portaudit doesn't bring up any warning. > > I just send a PR to update the vuxml database ( ports/181606 ) Here's the PR to update the port. http://www.freebsd.org/cgi/query-pr.cgi?pr=181608 -- p...@opsec.eu+49 171 3101372 7 years to go ! ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Cacti vulnerable? / vuxml update
> In ports we have Cacti 0.8.8a. > According to 0.8.8b release notes > (http://www.cacti.net/release_notes_0_8_8b.php), "multiple ... SQL > injection vulnerabilities" were fixed in that release. > Portaudit doesn't bring up any warning. I just send a PR to update the vuxml database ( ports/181606 ) ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Cacti vulnerable?
Le 28/08/2013 10:30, John Marino a écrit : > He is saying the ports tree version is 0.8.8a and thus not safe, the > response to the question "is the port tree version safe?" Aha, so I missed something :) > John -- Florent Peterschmitt | Please: flor...@peterschmitt.fr| * Avoid HTML/RTF in E-mail. +33 (0)6 64 33 97 92 | * Send PDF for documents. http://florent.peterschmitt.fr | Thank you :) signature.asc Description: OpenPGP digital signature
Re: Cacti vulnerable?
On 8/28/2013 10:27, Florent Peterschmitt wrote: > Le 28/08/2013 10:10, Rodrigo OSORIO a écrit : >> Hi, >> >> Not really, according to cve, releases before 0.8.8b are affected, >> and we have 0.8.8a. >> >> - rodrigo > > And before 0.8.8b there is 0.8.8a. Or I missed something? You are agreeing with Rodrigo. He is saying the ports tree version is 0.8.8a and thus not safe, the response to the question "is the port tree version safe?" John ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: Cacti vulnerable?
Le 28/08/2013 10:10, Rodrigo OSORIO a écrit : > Hi, > > Not really, according to cve, releases before 0.8.8b are affected, > and we have 0.8.8a. > > - rodrigo And before 0.8.8b there is 0.8.8a. Or I missed something? -- Florent Peterschmitt | Please: flor...@peterschmitt.fr| * Avoid HTML/RTF in E-mail. +33 (0)6 64 33 97 92 | * Send PDF for documents. http://florent.peterschmitt.fr | Thank you :) signature.asc Description: OpenPGP digital signature
Re: Cacti vulnerable?
Hi, Not really, according to cve, releases before 0.8.8b are affected, and we have 0.8.8a. - rodrigo On 28/08/13 09:49 +0200, Andrea Venturoli wrote: > Hello. > > In ports we have Cacti 0.8.8a. > According to 0.8.8b release notes > (http://www.cacti.net/release_notes_0_8_8b.php), "multiple ... SQL > injection vulnerabilities" were fixed in that release. > Portaudit doesn't bring up any warning. > > Is the version in our port tree safe? > > bye & Thanks > av. > ___ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org" ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Cacti vulnerable?
Hello. In ports we have Cacti 0.8.8a. According to 0.8.8b release notes (http://www.cacti.net/release_notes_0_8_8b.php), "multiple ... SQL injection vulnerabilities" were fixed in that release. Portaudit doesn't bring up any warning. Is the version in our port tree safe? bye & Thanks av. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
