Hi chuegen, As cacti is in the universe component of the repository, it is community maintained and therefore there is no timeframe as to when such a package will be patched in Ubuntu nor any clear indication if a community member is working on this at this time.
You can see the status of this CVE in the Ubuntu CVE Tracker at https://ubuntu.com/security/CVE-2023-39361 Thanks, Alex On Tue, 2023-09-12 at 11:36:47 -0500, chue...@pentics.com wrote: > Hi there, > > The Cacti project provided an announcement of a CVSS 9.8 SQL injection > bug against Cacti (fixed in 1.2.25). Is this being worked, and how long > should I expect before a package becomes available in the Ubuntu 22.04 > security stream? For now, I have disabled the functionality in question > while I await a package update (and I'd like to avoid having to go with > a local version of the updated package if it will be relatively soon). > > -c > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss