Hi Paul,

On Thu, August 11, 2011 22:45, Paul Gevers wrote:
> On 07/03/11 19:35, Paul Gevers wrote:
>> As discussed below and in bug 624516, I prepared a patch for
>> CVE-2010-1644: cacti: XSS issues in host.php and data_sources.php in
>> lenny. The maintainer of cacti suggested to contact you for further
>> actions. I read [1] and prepared a .diff.gz and .dsc for you that you
>> can find attached (with a slight change in the changelog with respect to
>> the patch in bug report 624516).
>
> Is there any progress on the patch in bug 624516? Is there a way for me
> to help further?

Thanks for your help and sorry that we didn't get around to processing this
package earlier.

I have taken a look and the package looks fine. However, there are other open
Cacti issues in Lenny as well, and I don't think it would make sense to release
an update that includes a fix for this one but leaves others unfixed. For the
list of issues, see:
http://security-tracker.debian.org/tracker/source-package/cacti
under "Open unimportant issues" (it's a bug that they're listed there; only the
first issue is actually unimportant and may be ignored for lenny).

Are you in a position to check each of these and provide a package for lenny
that includes fixes for all issues where a fix is needed?

As it seems, squeeze/wheezy/sid don't need any fixing, by the way.

Cheers,
Thijs