Hi, On Tue, Sep 24, 2019 at 08:43:46PM +0200, Paul Gevers wrote: > Hi, > > On 24-09-2019 05:58, Salvatore Bonaccorso wrote: > > Hi Paul, > > > > On Mon, Sep 23, 2019 at 10:28:31PM +0200, Paul Gevers wrote: > >> Hi Salvatore, > >> > >> Thanks for your report. > >> > >> On 23-09-2019 22:20, Salvatore Bonaccorso wrote: > >>> The following vulnerability was published for cacti, filling for > >>> tracking the upstream issue. At time of writing, I think there was not > >>> a patch upstream yet. > >> > >> I think there is: > >> https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264 > >> > >> It mentioned the wrong issue, as documented here: > >> https://github.com/Cacti/cacti/commit/de3833b0414383efc9e075dd13c95925e2ca504c > > > > "Ack", thank you! > > > > Regards, > > Salvatore > > > > While trying to figure out if old-stable is affected, I noticed this is > part of the fix: > https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2
Added this as well as further reference for the CVE! Regards, Salvatore
