Your message dated Mon, 09 Jan 2012 22:02:11 +0000
with message-id <e1rknib-0000zv...@franck.debian.org>
and subject line Bug#624516: fixed in cacti 0.8.7b-2.1+lenny4
has caused the Debian Bug report #624516,
regarding CVE-2010-1644: cacti: XSS issues in host.php and data_sources.php
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
624516: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624516
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cacti
Version: 0.8.7b-2.1+lenny3, 0.8.6i-3.6
Severity: grave
Tags: security
CVE Number: CVE-2010-1644
Descriptions:
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before
0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and
other products, allow remote attackers to inject arbitrary web script or
HTML via the (1) hostname or (2) description parameter to host.php, or
(3) the host_id parameter to data_sources.php.
References:
http://www.vupen.com/english/advisories/2010/1203
http://www.cacti.net/release_notes_0_8_7f.php
Upstream commit:
http://svn.cacti.net/viewvc?view=rev&revision=5901
Debian:
http://security-tracker.debian.org/tracker/CVE-2010-1644
I'll take care of this issue
--
[ Mahyuddin Susanto ] - 4096R/90B36C5B
--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.7b-2.1+lenny4
We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive:
cacti_0.8.7b-2.1+lenny4.diff.gz
to main/c/cacti/cacti_0.8.7b-2.1+lenny4.diff.gz
cacti_0.8.7b-2.1+lenny4.dsc
to main/c/cacti/cacti_0.8.7b-2.1+lenny4.dsc
cacti_0.8.7b-2.1+lenny4_all.deb
to main/c/cacti/cacti_0.8.7b-2.1+lenny4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 624...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mahyuddin Susanto <udi...@ubuntu.com> (supplier of updated cacti package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 09 Jan 2012 02:30:39 +0700
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7b-2.1+lenny4
Distribution: lenny-security
Urgency: high
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Mahyuddin Susanto <udi...@ubuntu.com>
Description:
cacti - Frontend to rrdtool for monitoring systems and services
Closes: 624516 652371
Changes:
 cacti (0.8.7b-2.1+lenny4) lenny-security; urgency=high
 .
   [ Paul Gevers ]
   * Patch for CVE-2010-1644: XSS issues in host.php and data_sources.php
     Closes: #624516
   * Patch for CVE-2010-1645: which allows execution of arbitrary commands
     by admins
   * Patch for CVE-2010-2543: XSS issues in include/top_graph_header.php
   * Patch for CVE-2010-2545: XSS issues in multiple files
 .
   [ Mahyuddin Susanto ]
   * [SECURITY] Fixes SQL injection vulnerability in auth_login.php that allows
     remote attackers to execute arbitrary SQL commands via the login_username
     parameter. (Closes: #652371)
     - debian/patches/CVE-2011-4824.patch
     - CVE-2011-4824
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk8KDcQACgkQ5UTeB5t8Mo0V4QCgjwfTqT3d/v6l72wYEIDGzsxI
6rMAoKRgIXSfWIsH5TuUHB5y/cPctvu5
=PZ/k
-----END PGP SIGNATURE-----
--- End Message ---