Your message dated Mon, 09 Jan 2012 22:17:11 +0000
with message-id <e1rknwh-00027b...@franck.debian.org>
and subject line Bug#652371: fixed in cacti 0.8.7g-1+squeeze1
has caused the Debian Bug report #652371,
regarding [CVE-2011-4824] SQL injection issue in auth_login.php
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
652371: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cacti
Version: 0.8.7g-1
Tags: security upstream fixed-upstream
Severity: grave

Several vulnerabilities have been disclosed in cacti:

| SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h
| allows remote attackers to execute arbitrary SQL commands via the
| login_username parameter.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4824>

The upstream announcement also mentions "Cross-site scripting issues":
<http://www.cacti.net/release_notes_0_8_7h.php>

Would you please prepare fixed packages for lenny and squeeze and send a
source debdiff to the security team?



--- End Message ---
--- Begin Message ---
Source: cacti
Source-Version: 0.8.7g-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
cacti, which is due to be installed in the Debian FTP archive:

cacti_0.8.7g-1+squeeze1.diff.gz
  to main/c/cacti/cacti_0.8.7g-1+squeeze1.diff.gz
cacti_0.8.7g-1+squeeze1.dsc
  to main/c/cacti/cacti_0.8.7g-1+squeeze1.dsc
cacti_0.8.7g-1+squeeze1_all.deb
  to main/c/cacti/cacti_0.8.7g-1+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mahyuddin Susanto <udi...@ubuntu.com> (supplier of updated cacti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Dec 2011 16:34:51 +0700
Source: cacti
Binary: cacti
Architecture: source all
Version: 0.8.7g-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Sean Finney <sean...@debian.org>
Changed-By: Mahyuddin Susanto <udi...@ubuntu.com>
Description: 
 cacti      - Frontend to rrdtool for monitoring systems and services
Closes: 652371
Changes: 
 cacti (0.8.7g-1+squeeze1) stable-security; urgency=high
 .
   * Team upload.
   * [SECURITY] Fixes SQL injection vulnerability in auth_login.php that allows
     remote attackers to execute arbitrary SQL commands via the login_username
     parameter. (Closes: #652371)
     - debian/patches/CVE-2011-4824.patch
     - CVE-2011-4824

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8J5QsACgkQ5UTeB5t8Mo2kPwCgg+2DjrYi+hDBr6zOBrfyUtO4
XMcAn2fayreiy9zb7BcoIdGvuaDSOFoG
=xlES
-----END PGP SIGNATURE-----



--- End Message ---
