Your message dated Sat, 05 Apr 2014 12:48:28 +0000 with message-id <e1wwq1m-0005c7...@franck.debian.org> and subject line Bug#743565: fixed in cacti 0.8.8b+dfsg-4 has caused the Debian Bug report #743565, regarding cacti: CVE-2014-2708 CVE-2014-2709 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 743565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743565 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: cacti Severity: grave Tags: security upstream Dear cacti maintainers Two more vulnerabilities were published/CVE assigned for cacti. CVE-2014-2708[0] and CVE-2014-2709[1]. Fore the CVE assignment details see [2]. For these there is upstream commit [3] (both CVE addressed in same commit). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2708 https://security-tracker.debian.org/tracker/CVE-2014-2708 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2709 https://security-tracker.debian.org/tracker/CVE-2014-2709 [2] http://seclists.org/oss-sec/2014/q2/15 [3] http://svn.cacti.net/viewvc?view=rev&revision=7439 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: cacti Source-Version: 0.8.8b+dfsg-4 We believe that the bug you reported is fixed in the latest version of cacti, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 743...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Paul Gevers <elb...@debian.org> (supplier of updated cacti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 05 Apr 2014 13:03:22 +0200 Source: cacti Binary: cacti Architecture: source all Version: 0.8.8b+dfsg-4 Distribution: unstable Urgency: high Maintainer: Cacti Maintainer <pkg-cacti-ma...@lists.alioth.debian.org> Changed-By: Paul Gevers <elb...@debian.org> Description: cacti - web interface for graphing of monitoring systems Closes: 743565 Changes: cacti (0.8.8b+dfsg-4) unstable; urgency=high . * Security update (Closes: 743565) - CVE-2014-2326 Cross-site scripting (XSS) vulnerability - CVE-2014-2328 Unspecified Remote Command Execution Vulnerability - CVE-2014-2708 SQL injection - CVE-2014-2709 Unspecified Remote Command Execution Vulnerability * Bump standards (no changes needed) * Fix VCS-Browser field * Fix license paragraph of jstree (Thanks lintian) Checksums-Sha1: 5b1322e3283bd3bbf536a4ee496f84b81e3bc71f 1647 cacti_0.8.8b+dfsg-4.dsc bdefb6a140c87202a4cd6eef5911de15caaa4981 96224 cacti_0.8.8b+dfsg-4.debian.tar.xz 5a01ed5aec578f9e2497edeeda512696ccd40e7d 1886376 cacti_0.8.8b+dfsg-4_all.deb Checksums-Sha256: bc3fd95653d2e5f69d9beb87d4e617b4750eb5b094bd0b74988c205a01b3803a 1647 cacti_0.8.8b+dfsg-4.dsc 211560566e2e9649ade19929bf28461781ac090d06765131e4f6008b9651e429 96224 cacti_0.8.8b+dfsg-4.debian.tar.xz 540aa80708b5ea1ec0498c57b8d259cb4d4ddc0a89ad7c1d46963efbf78edf52 1886376 cacti_0.8.8b+dfsg-4_all.deb Files: 1deaa9d0bfa3c31c14c0de8ada258e46 1647 web extra cacti_0.8.8b+dfsg-4.dsc dca44600cfad9c2b77891087e1082948 96224 web extra cacti_0.8.8b+dfsg-4.debian.tar.xz d4feaf8a466b735f114e8f578d0344ab 1886376 web extra cacti_0.8.8b+dfsg-4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTP/daAAoJEJxcmesFvXUKZKIH/RnL/YfGsxJwm7IF/yDFTJAt dLrzXIUCRR3jcsXUunGGv9yJFFbaGMdbtQs4C7FWF2JQ3XoHchrY9ayN3FUAT3wn cXjv/ekWzHftcA9t7vdPNw7pnpyEQ4iVMyWGF8oeSS7Ml3qOYr187WcXY1HoCUBu Mt5026h+0v0mfzLXCE96wmjXc05+8zhw1J+V+xXpORzKDdHB0EhJhZ5Z33L8Xw3l 4UN5KacE18WBPBpvceMDXZDK8/t9ofx778h4IW+rxWPbVOUqHhy1KkJnyh4MOF3g tLtreNvKoAEf6IWA18+/ZICSUSiq+SutYOGfKHMG6sY/+xAou/xGm2dpJK3wz5c= =i7wP -----END PGP SIGNATURE-----
--- End Message ---
