Package: cacti
Version: 0.8.7g-1
Tags: security upstream fixed-upstream
Severity: grave

Several vulnerabilities have been disclosed in cacti:

| SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
| allows remote attackers to execute arbitrary SQL commands via the
| login_username parameter.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4824>

The upstream announcement also mentions "Cross-site scripting issues":
<http://www.cacti.net/release_notes_0_8_7h.php>

Would you please prepare fixed packages for lenny and squeeze and send a source debdiff to the security team?