Your message dated Sat, 24 Apr 2010 01:52:44 +0000
with message-id <e1o5uy0-00059h...@ries.debian.org>
and subject line Bug#578909: fixed in cacti 0.8.7b-2.1+lenny2
has caused the Debian Bug report #578909,
regarding SQL injection in templates_export
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
578909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578909
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cacti
Version: 0.8.7b-2
Severity: serious
Tags: security patch

Hi,

An SQL injection issue was published in Cacti:
http://seclists.org/fulldisclosure/2010/Apr/272
Both stable and testing/unstable are affected.

Upstream blessed patch is here:
http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch

CVE id not yet available.

Can you please apply it and upload to unstable with priority=high?


thanks,
Thijs



--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.7b-2.1+lenny2

We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive:

cacti_0.8.7b-2.1+lenny2.diff.gz
  to main/c/cacti/cacti_0.8.7b-2.1+lenny2.diff.gz
cacti_0.8.7b-2.1+lenny2.dsc
  to main/c/cacti/cacti_0.8.7b-2.1+lenny2.dsc
cacti_0.8.7b-2.1+lenny2_all.deb
  to main/c/cacti/cacti_0.8.7b-2.1+lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 578...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated cacti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 23 Apr 2010 15:25:57 +0200
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7b-2.1+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description: 
 cacti      - Frontend to rrdtool for monitoring systems and services
Closes: 578909
Changes: 
 cacti (0.8.7b-2.1+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix SQL injection in template_export with upstream patch
     (BONSAI-2010-0104, closes: #578909)
Checksums-Sha1: 
 e3f95e752e89e6dd632cbba0efb1152d06ba231d 1408 cacti_0.8.7b-2.1+lenny2.dsc
 60c373c55e8fe9dfe211612240dea2723fa26d16 37338 cacti_0.8.7b-2.1+lenny2.diff.gz
 90c1133b99ce9df055583edd03dd9098a2977133 1826020 cacti_0.8.7b-2.1+lenny2_all.deb
Checksums-Sha256: 
 4b76abf3db290720b5cccdec0d0ed0eeb03cc5ca001b9172b5ffa2e175f397c2 1408 cacti_0.8.7b-2.1+lenny2.dsc
 09ae58856bb68a99fea63fb62fac744ad092968fa1e5949e139e0df769438efa 37338 cacti_0.8.7b-2.1+lenny2.diff.gz
 8579adbc6b01baa305001d5967176139fca54c3e1fd37e49e86c297cefd28514 1826020 cacti_0.8.7b-2.1+lenny2_all.deb
Files: 
 468d418ebedfd326081cbb159c159b55 1408 web extra cacti_0.8.7b-2.1+lenny2.dsc
 16b43e80a447a185f5372372836104ed 37338 web extra cacti_0.8.7b-2.1+lenny2.diff.gz
 b88356b2559091ae8444b93b5234e881 1826020 web extra cacti_0.8.7b-2.1+lenny2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
